Remember that, as Java Script isn't available in all browsers, you should also use server-side scripting to validate all data before recording it in a database or elsewhere.
You might also want to spice up your forms using HTML5 Form Validation as we've done further down the page.
One popular approach is to install Fail2Ban to monitor log files and lock out repeat offendors.
Of course that only works if your login system reports failed login attempts to a system log file.
For security a password should never be displayed in HTML or sent by email.