Authentication processes in web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors. Resource metering through client-side computationally intensive “electronic payments” can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.
You can download it from the following link: https://packetstormsecurity.com/files/download/36746/NISR-AntiBruteForce.pdf
Source: https://packetstormsecurity.com/files/36746/NISR-AntiBruteForce.pdf.html