When we are using the built in Q&A CAPTCHA these two lines (common.php) are misleading
'LOGIN_CONFIRM_EXPLAIN' => 'To prevent brute forcing accounts the board requires you to enter a confirmation code after a maximum amount of failed logins. The code is displayed in the image you should see below. If you are visually impaired or cannot otherwise read this code please contact the %sBoard Administrator%s.',
'LOGIN_ERROR_ATTEMPT => 'You exceeded the maximum allowed number of login attempts. In addition to your username and password you now also have to enter the confirm code from the image you see below.',
I think we must add " or answer a question" or something similar to cover both scenerios.