I've read some about login security and I've found a good practice for preventing rapid-fire login attempts. The idea is to apply a short time delay that increases with the number of failed attempts, like:
- 1 failed attempt = no delay
- 2 failed attempts = 2 sec delay
- 3 failed attempts = 4 sec delay
- 4 failed attempts = 8 sec delay
- 5 failed attempts = 16 sec delay
- etc.
I understand the idea, but I would like to know how to code this. Where and how should I put the delay? In the backend or in the frontend? I think it would be in the backend... But how could I do that? How can I stop the current attempt for a few seconds and continue? Any ideas?
Thanks!
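
One way to apply the schedule above in the backend, as an added example that is not part of the original post: rather than sleeping inside the request, the server stores the earliest time the next attempt is allowed and rejects anything sooner. The names `LoginThrottle`, `attempt_login` and `MAX_DELAY` are hypothetical, and the in-memory dict, the per-account key and the 900-second cap are assumptions.

```python
import time

MAX_DELAY = 900  # assumed cap (seconds) so the delay cannot grow without bound


def delay_for(failures):
    """Delay schedule from the post: 1 -> 0 s, 2 -> 2 s, 3 -> 4 s, 4 -> 8 s, ..."""
    if failures < 2:
        return 0
    return min(2 ** (failures - 1), MAX_DELAY)


class LoginThrottle:
    """Tracks failed logins per account key; state lives on the server only."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock  # injectable so the logic can be tested without waiting
        self._state = {}     # key -> (failure_count, not_before_timestamp)

    def retry_after(self, key):
        """Seconds the caller must still wait; 0 means the attempt may proceed."""
        _, not_before = self._state.get(key, (0, 0.0))
        return max(0.0, not_before - self._clock())

    def record_failure(self, key):
        count = self._state.get(key, (0, 0.0))[0] + 1
        delay = delay_for(count)
        self._state[key] = (count, self._clock() + delay)
        return delay

    def record_success(self, key):
        self._state.pop(key, None)  # a successful login resets the counter


def attempt_login(throttle, key, password_ok):
    """Hypothetical handler; password_ok stands in for the real credential check."""
    wait = throttle.retry_after(key)
    if wait > 0:
        return ("throttled", wait)  # rejected before the password is even checked
    if password_ok:
        throttle.record_success(key)
        return ("ok", 0)
    return ("failed", throttle.record_failure(key))
```

Because a throttled request returns immediately, no server worker is tied up while the delay runs; the frontend can show the returned wait time, but the enforcement stays in the backend.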