The default limit of logon attempts is 3. Once you've exceeded that you
have to close the browser and re-open it. At that point you can try 3
more times. SharePoint won't lock you out, but if you try enough times
then AD will lock you out (assuming you have an AD account and are
simply mistyping your password). Sharepoint doesn't do Authentication
it hands that off to IIS and .Net.

Similar functionality exists in Forms Based Authentication.

You could set the limit down to 1, but if you do that it would require
valid users to be perfect the first time also. You can't really tell
the difference between a mistyped userid and a non-existent one.

My point was more that MOSS asked you to authenticate multiple  times,
such as when you open a document and so on.

This does not happen when you are using a computer that is part of a
local domain.

I'd like to limit the number of times you are asked for your
credentials.

It's especially annoying during the initial logon. I've got users that
actually type their password in correctly, and are asked several times
for their ID and password.

That's a setting in IE. Goto Tools -> Internet Options > Security Tab.
Add the URL for SharePoint to either Trusted Sites or Local Intranet
(either works just depends on how tight you want other security). Then
adjust the security for the Zone. At the bottom of the list you will
find a setting for "Logon with current username and password" or
something like that. It's selected by default in Local Intranet zone
but has to be chosen in Trusted Sites. That will take care of it if the
user is logging in from machine on the same AD forest as the SharePoint
server. If you have Vista and Office 2007 you will still get prompts
because of the way Vista does security.

You can also roll these settings out in an AD network with a GPO.

Yeah, that's what I thought... Of course, you told me this before, so I
apologize... brain is getting full!

I think this means that I really just need to create documents for our
external users that explain how to add trusted sites.

You could use a Active Directory group policy to push the IE settings to all
logged on client.

We have solved this problem through the use of an ISA server to
provide authentication.
We have users that are on a standardized desktop where they cannot
change any settings in IE, and cannot add trusted sites.
We still have a problem with Vista requesting authentication  for
Office documents.
Microsoft says this is not a bug, rather it is a security feature
since Vista does not allow Office apps to access the IE
authentication cookie that ISA provides.
If you authenticate once with Office in Vista, then you can hit the
Esc key and you can access further documents without having to log
in. You will still get the prompt.

We still have an open ticket with Microsoft on this issue but do not
have much hope that it will be resolved.

What you describe is actually a different issue, even though the
symptoms appear to be the same. Not sharing authentication  between
process (be it cookie, or Windows via Basic/NTLM) *is* indeed a security
feature and is indeed not likely to change anytime soon. The previous
discussions about multiple  authentication prompts concern situations
where Office should already be getting authentication via NTLM
"autosend" credentials and users are prompted anyway, a situation which
is not security related and should hopefully be fixed.