diff --git a/cheatsheets/Authentication_Cheat_Sheet.md b/cheatsheets/Authentication_Cheat_Sheet.md index 9f3c01ac12..5c554cec88 100644 --- a/cheatsheets/Authentication_Cheat_Sheet.md +++ b/cheatsheets/Authentication_Cheat_Sheet.md @@ -209,7 +209,13 @@ Multi-factor authentication (MFA) is by far the best defence against the majorit The [Multifactor Authentication Cheat Sheet](Multifactor_Authentication_Cheat_Sheet.md) contains further guidance on implementing MFA. -#### Account Lockout +#### Login Throttling + +Login Throttling is a protocol used to prevent an attacker from making too many attempts at guessing a password through normal interactive means, it includes: + +- Maximum number of attempts. + +##### Account Lockout The most common protection against these attacks is to implement account lockout, which prevents any more login attempts for a period after a certain number of failed logins. @@ -221,6 +227,8 @@ The counter of failed logins should be associated with the account itself, rathe Rather than implementing a fixed lockout duration (e.g., ten minutes), some applications use an exponential lockout, where the lockout duration starts as a very short period (e.g., one second), but doubles after each failed login attempt. +- Amount of time to delay after each account lockout (max 2-3, after that permanent account lockout). + When designing an account lockout system, care must be taken to prevent it from being used to cause a denial of service by locking out other users' accounts. One way this could be performed is to allow the user of the forgotten password functionality to log in, even if the account is locked out. #### CAPTCHA diff --git a/cheatsheets/Password_Storage_Cheat_Sheet.md b/cheatsheets/Password_Storage_Cheat_Sheet.md index ea2eaca561..852cae8346 100644 --- a/cheatsheets/Password_Storage_Cheat_Sheet.md +++ b/cheatsheets/Password_Storage_Cheat_Sheet.md 
@@ -145,6 +145,12 @@ The work factor for PBKDF2 is implemented through an iteration count, which shou - PBKDF2-HMAC-SHA256: 600,000 iterations - PBKDF2-HMAC-SHA512: 210,000 iterations +### Parallel PBKDF2 + +- PPBKDF2-SHA512: cost 2 +- PPBKDF2-SHA256: cost 5 +- PPBKDF2-SHA1: cost 10 + These configuration settings are equivalent in the defense they provide. ([Number as of december 2022, based on testing of RTX 4000 GPUs](https://tobtu.com/minimum-password-settings/)) #### PBKDF2 Pre-hashing
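Review bot: In the first Authentication_Cheat_Sheet.md hunk (`@@ -209,7 +209,13 @@`), the new intro sentence "Login Throttling is a protocol used to prevent an attacker from making too many attempts at guessing a password through normal interactive means, it includes:" is a comma splice and misuses "protocol"; throttling is a control, not a protocol. Suggest: "Login throttling is a control that limits how many password guesses an attacker can make through the normal login interface. It includes:". The list that follows has a single item ("- Maximum number of attempts.") while its second item is added in a separate hunk twelve lines further down, so the list is split across two paragraphs; put both items here, under this intro, so the list reads as one unit before the "##### Account Lockout" sub-heading.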
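Review bot: In the second Authentication_Cheat_Sheet.md hunk (`@@ -221,6 +227,8 @@`), the added line "- Amount of time to delay after each account lockout (max 2-3, after that permanent account lockout)." is an orphaned list item inserted between two prose paragraphs, and "max 2-3" does not say what is being counted (lockouts? delays?). More importantly, recommending a permanent lockout contradicts the paragraph immediately below it, which warns that lockout can be abused to deny service to other users; a permanent lockout makes that denial of service permanent. Suggest moving the item into the list in the first hunk and rewording it without the permanent-lockout advice, e.g. "- The delay applied after each lockout, which may increase on successive lockouts.", leaving the DoS caveat below to stand as written.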
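Review bot: In the Password_Storage_Cheat_Sheet.md hunk (`@@ -145,6 +145,12 @@`), the new "### Parallel PBKDF2" heading is one level above the surrounding "#### PBKDF2 Pre-hashing" heading, so it closes the PBKDF2 section and pulls "PBKDF2 Pre-hashing" under Parallel PBKDF2; use "####" so pre-hashing stays a subsection of PBKDF2. The three new lines ("- PPBKDF2-SHA512: cost 2", "- PPBKDF2-SHA256: cost 5", "- PPBKDF2-SHA1: cost 10") never define what "cost" means for this construction (an iteration count, a parallelism factor, or something else) and cite no source, whereas the existing iteration counts are backed by the tobtu.com link; add a short definition of the cost parameter and a reference for these values. Finally, the unchanged sentence "These configuration settings are equivalent in the defense they provide." now directly follows the PPBKDF2 list and reads as if it covers both lists; state explicitly whether the PPBKDF2 costs are meant to be equivalent to the PBKDF2 iteration counts above, or reorder so the sentence stays with the list it was written for.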