The “token bucket” algorithm is often used in packet switched computer networks and telecommunications networks to rate-limit or throttle traffic flows. The Wikipedia article in this link provides more information.
We had a need to implement a light-weight rate-limiting system on the login forms which protect our Registrar Console and other internal systems. We have a wide range of security measures in place to prevent brute-force attacks against accounts with weak passwords, such as two-factor authentication, auto-locking of accounts after too many failed logins, and so on, but we had no protection against brute-force password reuse attacks such as the one that recently hit GitHub.