We should probably just add simple IP based rate limiting on the password check to not invite abuse.
We should probably just add simple IP based rate limiting on the password check to not invite abuse.