diff --git a/README.md b/README.md index 6949138..bd9fd59 100644 --- a/README.md +++ b/README.md @@ -109,6 +109,10 @@ app.post('/login', }); ``` +#### Brute-Force protection + +Local Strategy should be protected against Brute-Force attacks. One simple and good technique is [limiting failed consecutive attempts](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#minimal-protection-against-password-brute-force). More secure technique is [limiting failed consecutive attempts and many from single IP](https://github.com/animir/node-rate-limiter-flexible/wiki/Overall-example#login-endpoint-protection) + ## Examples Developers using the popular [Express](http://expressjs.com/) web framework can
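Review bot: the second sentence of the added "Brute-Force protection" paragraph is hard to parse where it reads "limiting failed consecutive attempts and many from single IP", and it is missing its closing period. Suggested wording: "A more secure technique is limiting consecutive failed attempts per account together with the number of failed attempts from a single IP." The paragraph also relies entirely on two external wiki anchors to explain the technique. A short sentence saying where in the `app.post('/login', ...)` route shown just above the limit is checked, and what the attempts are counted by, would keep the README useful if those anchors move. Minor style points: "Brute-Force" is capitalised in both the heading and the body, where "brute-force" would match ordinary usage, and "One simple and good technique" reads better as "One simple technique".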