Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
Inserting a literally meaningless delay like 5 seconds is sufficient to make your service virtually impenetrable to mass bruteforce/stuffing attacks. Credential stuffing become untenable when your trying to stuff 1million creds with a 5 second cooldown. Most normal users who would hit it would just think their wifi or cell service hicupped.
That would be a P1 incident and probably violate SLAs depending on the duration.
Inserting a literally meaningless delay like 5 seconds is sufficient to make your service virtually impenetrable to mass bruteforce/stuffing attacks. Credential stuffing become untenable when your trying to stuff 1million creds with a 5 second cooldown. Most normal users who would hit it would just think their wifi or cell service hicupped.