Security/Guidelines/auth backoff

Authentication backoff algorithms reduce the efficacy of brute force attacks on authentication services. They typically work by introducing increasingly large periods of time between processing authentication requests from a source that failed its initial attempt. Due to their mode of operation, authentication backoff algorithms can also help to reduce system load during Denial of Service attacks against authentication services.

Backoff algorithms are nothing new: many protocols use them for congestion or collision management, and most use an exponential lockout period. However, this should be configurable.
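
The following sketch is an added example, not code from the original guideline. It shows a per-source exponential backoff with configurable parameters; the class name, method names, default values and the `max_delay` cap are assumptions made for illustration.

```python
import time
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class AuthBackoff:
    """Per-source exponential backoff for failed authentication attempts."""
    base_delay: float = 1.0    # seconds imposed after the first failure (assumed default)
    factor: float = 2.0        # growth per further failure; 2.0 doubles the lockout
    max_delay: float = 900.0   # assumed cap so a source is never locked out indefinitely
    clock: Callable[[], float] = time.monotonic  # injectable for testing
    _state: dict = field(default_factory=dict)   # source -> (failures, blocked_until)

    def delay_for(self, failures: int) -> float:
        """Lockout period after the given number of consecutive failures."""
        if failures <= 0:
            return 0.0
        # Bound the exponent so very large failure counts cannot overflow a float.
        exponent = min(failures - 1, 64)
        return min(self.base_delay * self.factor ** exponent, self.max_delay)

    def retry_after(self, source: str) -> float:
        """Seconds the source must still wait; 0.0 means the request may be processed."""
        _, blocked_until = self._state.get(source, (0, 0.0))
        return max(0.0, blocked_until - self.clock())

    def record_failure(self, source: str) -> float:
        """Count a failed attempt and return the new lockout period in seconds."""
        failures, _ = self._state.get(source, (0, 0.0))
        failures += 1
        delay = self.delay_for(failures)
        self._state[source] = (failures, self.clock() + delay)
        return delay

    def record_success(self, source: str) -> None:
        """A successful authentication clears the source's failure history."""
        self._state.pop(source, None)
```

The caller checks `retry_after(source)` before processing a request and rejects it without verifying credentials while the value is non-zero, which is what keeps load down during an attack.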