To strengthen the security of our application and mitigate the risk of automated password-guessing attacks on user accounts, we recommend implementing a CAPTCHA system on both the "Login" and "Forgot Password" pages.
A robust server-side CAPTCHA implementation will effectively reduce the likelihood of such attacks. We urge you to prioritize the addition of this security feature to the relevant forms.