I just got the email from haveibeenpwned. F Trello.

  • Saik0A
    link
    fedilink
    English
    arrow-up
    8
    arrow-down
    1
    ·
    10 months ago

    Inserting a literally meaningless delay like 5 seconds is sufficient to make your service virtually impenetrable to mass bruteforce/stuffing attacks. Credential stuffing become untenable when your trying to stuff 1million creds with a 5 second cooldown. Most normal users who would hit it would just think their wifi or cell service hicupped.