Radar's approach to rate limiting uses a combination of traditional methods and device fingerprinting to detect threats. Traditional rate limiting has limitations, such as allowing attackers to bypass IP-based limits by rotating through proxy networks, blocking legitimate users behind shared IPs, and failing to catch distributed attacks. Radar takes a more sophisticated approach by analyzing browser and system characteristics, network behavior patterns, authentication attempt timing, geographic locations, and device fingerprinting. This allows for progressive rate limiting that becomes stricter as suspicious behavior continues, distinguishing between brute force attempts and legitimate authentication failures. The system maintains service availability during attacks by restricting the specific device fingerprint while allowing other clients to continue with normal access. Radar works in real-time, evaluating each authentication attempt as it happens, and can take various actions such as blocking, challenging, notifying administrators, or logging forensic data. Overall, Radar represents a fundamental shift from traditional methods of rate limiting and brute force protection, providing more effective stops against attacks while reducing false positives and keeping applications accessible to legitimate users.