We need to limit login rate to prevent brute force attacks. Delay in sending the response. Blacklisting ip.
