Hello there,

First thanks for the great package. I have been implementing it in a project, but I was surprised not to find a mechanism to limit retries. With a 6 digit token there is exactly a million possible combination - which seems easy to brute force in 15 minutes.

Is there a mechanism I missed to prevent these types of attacks ? If not, would you be open to a PR implementing the functionality ?

Bests,
Sylvain