I want to be able to throttle token requests for invalid secrets to prevent brute forcing. Can anyone point me to a reference that describes how to go about that?
One way (probably the most common and certainly the easiest to implement) to do it is to use a high entropy password encoder. BCrypt was basically designed for this use case.
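
An added example, not part of the original thread: assuming the token endpoint checks client secrets with Spring Security's `BCryptPasswordEncoder` (the thread names only BCrypt), this measures what each invalid secret costs at several strength settings. The class name, method name and sample secret are constructed for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

public class BcryptGuessCost {

    // Average wall-clock milliseconds for one failed matches() call
    // against a hash created at the given strength (bcrypt log2 rounds).
    static double msPerFailedCheck(int strength, int rounds) {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder(strength);
        // Constructed sample secret; a real server stores only the hash.
        String storedHash = encoder.encode("constructed-sample-client-secret");

        long start = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            // Every wrong guess forces a full bcrypt computation before it is rejected.
            if (encoder.matches("wrong-guess-" + i, storedHash)) {
                throw new IllegalStateException("unexpected match");
            }
        }
        return (System.nanoTime() - start) / 1e6 / rounds;
    }

    public static void main(String[] args) {
        // 4 is the lowest strength the encoder accepts; 10 is its default.
        for (int strength : new int[] {4, 8, 10, 12}) {
            double ms = msPerFailedCheck(strength, 5);
            System.out.printf(
                "strength=%2d  %8.1f ms per invalid secret  (~%.0f checks/s per core)%n",
                strength, ms, 1000.0 / ms);
        }
    }
}
```

Each increment of strength doubles the hashing work, and the server pays that cost on every token request it verifies, valid or not.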