User's account lockout `failed_attempts` count incorrectly increments by 2 during each failed login

Summary

A user's failed_attempts will increment by 2 during a failed login attempt instead of by 1.

This means a user's account is locked after 5 failed login attempts instead of the configured 10.

Steps to reproduce

1. Open a rails console, find a user and check its failed_attempts value:

   user = User.find_by_username('<the username>')
   user.failed_attempts # => 0

2. Attempt to log in with an incorrect password
3. Check the user's failed_attempts again:

   user.reload.failed_attempts # => 2

What is the expected correct behavior?

The user's failed_attempts should increment by 1.