Secure Auth from BruteForce

[MrVibe]

I am using Supabase Client side auth, what is the best way to protect from Bruteforce auth attempts ?

[bytaesu]

https://supabase.com/docs/guides/auth/rate-limits

Supabase Auth has a rate limit.

If authentication is performed only on the client side, it might be difficult to securely implement custom verification on the server side.

By using an OTP verification step that can be controlled by the Supabase instance’s rate limit, user attempts will always remain within the defined rate limits.

[MrVibe]

that means genuine users will be unable to use auth if someone is attempting brute-force which is not the desired outcome.