but that doesn't prevent people sitting on other side trying usernames and passwords all day, and they usually have it automated.
Do you mean password cracking? This risk is pretty obvious and somehow unavoidable. So I believe you are suggesting me to set a very "strong" password for every user, right?
Also, SSL/TLS is supposed to encrypt the password during the authentication process, isn't it?
For me i don't leave open logins at the wan side
Why? Even an inactive (and, in theory, encrypted) connecton might be a potential security risk?