The 45 second wait time between login attempts is not going to change and is the same for everyone. It is to prevent people from trying to brute force passwords.
The same thing can be accomplished with a 3 second delay per attempt and locking an account after 5 attempts, but whatever. I have a set of 5 passwords that I rotate on my log-ins and sometimes forget which I use on what site... so a 45 second delay per log-in attempt is ridiculous.
The longer the delay the more difficult it will be to brute force a password. It is especially important to make it a long time between attempts because people can likely get around the delay to an extent (via changing their IP address after each attempt - but they would have limited numbers of IP addresses).
It would also not be feasible to lock out accounts after 5 attempts as people do not need to have an associated email address nor secret question with their account.