The verifier prevents attackers whose guessing rate is limited to successfully guess the secrets of a significant portion of users. The rate limiting can be enforced through the verifying servers, additional throttling mechanisms, or specialized hardware. The secrets of schemes without this feature usually are chosen by users from a corpus of commonly selected values, even though theoretically a great variety of secrets could be chosen.