Wait between attempts increases with each unsuccessful attempt. This should permit no more than 10 guesses in 5 minutes
Adding a delay between login attempts can slow down a brute-force attack drastically. However, be mindful that staff members can become frustrated with increasing delays, so consider applying a lockout policy instead, which locks accounts after a specific number of unsuccessful attempts.
Last changed: 13 August 2022