Add a section on authentication throttling (laravel#9600)

* Add a section on authentication throttling

* wording

* note instead of warning

* formatting

---------

Co-authored-by: Taylor Otwell <[email protected]>

Author: stevethomas

fortify.md

@@ -205,6 +205,15 @@ Fortify::authenticateThrough(function (Request $request) {
 });
 ```
 
+#### Authentication Throttling
+
+By default, Fortify will throttle authentication attempts using the `EnsureLoginIsNotThrottled` middleware. This middleware throttles attempts that are unique to a username and IP address combination.
+
+Some applications may require a different approach to throttling authentication attempts, such as throttling by IP address alone. Therefore, Fortify allows you to specify your own [rate limiter](/docs/{{version}}/routing#rate-limiting) via the `fortify.limiters.login` configuration option. Of course, this configuration option is located in your application's `config/fortify.php` configuration file.
+
+> [!NOTE]  
+> Utilizing a mixture of throttling, [two factor authentication](/docs/{{version}}/fortify#two-factor-authentication), and an external web application firewall (WAF) will provide the most robust defense for your legitimate application users.
+
 <a name="customizing-authentication-redirects"></a>
 ### Customizing Redirects