spec checked
OWASP Authentication Cheat Sheet login throttling
Documents login throttling, account lockout thresholds, observation windows, lockout duration, exponential lockout, denial-of-service risk, CAPTCHA cautions, logging and monitoring, and password-manager guidance.
Pattern Decisions This Source Supports
| Pattern | Supported decision | Required contract | Claim note |
|---|---|---|---|
| Login | Choose login when the user has submitted credentials or an authenticator and the UI must show the result, next retry, lockout, or session-created state. | Submitting credentials enters one clear verifying state and prevents duplicate submissions until the login result returns. | OWASP supports login throttling, account lockout policy factors, exponential lockout, CAPTCHA cautions, and monitoring. |

Evidence Role
This source is treated as spec evidence. Use it to validate the decision rules above, not as a visual style reference.
Publisher: OWASP Cheat Sheet Series. Last checked: .