The verifier prevents attackers whose guessing rate is not limited to successfully guess the secrets of a significant portion of users. The rate limiting can be enforced through the verifying servers, additional throttling mechanisms, or specialized hardware. The space of secrets of schemes without this feature is not large enough to withstand brute-force attacks (not limited to exhaustive search, but also attacks using dictionaries or rainbow tables).