spec checked
NIST SP 800-63B rate limiting and throttling
Documents rate limiting of failed authentication attempts, disabling authenticators after excessive failures, delay before retry, risk-based controls, bot detection, retry reset on successful authentication, password-manager and paste support, and user feedback on remaining attempts or wait time.
Pattern Decisions This Source Supports

| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Login | Choose login when the user has submitted credentials or an authenticator and the UI must show the result, next retry, lockout, or session-created state. | Submitting credentials enters one clear verifying state and prevents duplicate submissions until the login result returns. | NIST supports rate limiting, retry delay, bot detection, authenticator disabling, successful-login reset, and user feedback on wait time. |

Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: National Institute of Standards and Technology. Last checked: .