Login: Rate limit authentication attempts

NIST recommends the following: 

> Verifiers SHALL implement a rate-limiting mechanism that effectively limits the number of failed authentication attempts that can be made on the subscriber’s account

https://pages.nist.gov/800-63-3/sp800-63b.html