I've read some about login security and I've found a good practice for preventing rapid-fire login attempts. The idea is to apply a short time delay that increases with the number of failed attempts, like:
I understand the idea, but I would like to know how to code this. Where and how should I put the delay? In the backend or in the frontend? I think it would be in the backend... But how could I do that? How can I stop the current attempt for some seconds and then continue? Any ideas?
Thanks!
I found that I should put it in the backend, using some method that delays the current thread, like it's been seen here.
If I do that, it won't affect the other users, will it?
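An added example, not part of the original post: one way to enforce an increasing delay in the backend without sleeping the request thread. It stores, per account, the time at which the next attempt is allowed and rejects earlier attempts, so requests from other users are never held up. The doubling schedule, the cap, the in-memory store and the names `LoginThrottle`, `attempt_login` and `check_password` are assumptions.

```python
import threading
import time


class LoginThrottle:
    """Per-account increasing delay after failed logins (single-process, in-memory)."""

    def __init__(self, base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.base_delay = base_delay  # assumed: delay after the first failure
        self.max_delay = max_delay    # assumed: upper bound on the delay
        self.clock = clock            # injectable so tests need no real waiting
        self._lock = threading.Lock()
        self._state = {}              # username -> (failure_count, locked_until)

    def retry_after(self, username):
        """Seconds still to wait; 0.0 means an attempt is allowed now."""
        with self._lock:
            _, locked_until = self._state.get(username, (0, 0.0))
        return max(0.0, locked_until - self.clock())

    def record_failure(self, username):
        """Count a failure and return the delay now imposed (doubles each time)."""
        with self._lock:
            failures = self._state.get(username, (0, 0.0))[0] + 1
            delay = min(self.max_delay, self.base_delay * 2 ** (failures - 1))
            self._state[username] = (failures, self.clock() + delay)
        return delay

    def record_success(self, username):
        """A successful login clears the failure history for that account."""
        with self._lock:
            self._state.pop(username, None)


def attempt_login(throttle, username, password, check_password):
    """Returns (status, seconds). check_password is a hypothetical verifier callback."""
    wait = throttle.retry_after(username)
    if wait > 0:
        # Reject immediately (e.g. HTTP 429 with Retry-After); the password
        # is not even checked, and no thread is blocked while waiting.
        return ("throttled", wait)
    if check_password(username, password):
        throttle.record_success(username)
        return ("ok", 0.0)
    return ("denied", throttle.record_failure(username))
```

With several backend processes the state would need to live in a shared store rather than a local dictionary.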