Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Login Delay

Training Camp • Cybersecurity Glossary

What is Login Delay?

A deliberate pause enforced between failed login attempts to throttle brute-force and credential-stuffing attacks, often paired with lockout.

Glossary > Identity & Access Management > Login Delay

Understanding Login Delay

Login delay is a security control that imposes a deliberate waiting period after a failed authentication attempt before another try is permitted. By slowing the rate at which credentials can be tested, it makes automated brute-force and credential-stuffing attacks impractical while having minimal impact on legitimate users who type a correct password.

The mechanism enforces a fixed or escalating delay on each unsuccessful attempt. A fixed delay might block retries for one or two seconds; an exponential or progressive delay grows after each failure (for example 1s, 2s, 4s, 8s), quickly making mass guessing infeasible. On Cisco IOS devices the `login delay` command sets the seconds between successive login attempts, and it is commonly combined with `login block-for` to halt logins entirely after a threshold of failures within a time window.

This matters because password endpoints are a primary attack surface. Without rate limiting, an attacker can submit thousands of guesses per second against SSH, VPN, web, or console logins. Login delay raises the time cost of each attempt by orders of magnitude, turning a feasible offline-speed online attack into one that would take years. It complements, rather than replaces, account lockout, MFA, and strong password policies.

For example, a network engineer hardening a router configures `login block-for 120 attempts 3 within 60` and `login delay 2`. After three failed SSH logins in 60 seconds the device enters a 120-second quiet period, and during normal operation each attempt is separated by a two-second delay. An attacker scripting password guesses is throttled to a trickle and ultimately locked out, while authorized administrators experience only a brief, barely noticeable pause.

Learn More About Login Delay:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →