diff --git a/rate_limiter.rst b/rate_limiter.rst index 65a0243e5e8..315f8c23428 100644 --- a/rate_limiter.rst +++ b/rate_limiter.rst @@ -11,7 +11,7 @@ defensive measure to protect services from excessive use (intended or not) and maintain their availability. It's also useful to control your internal or outbound processes (e.g. limit the number of simultaneously processed messages). -Symfony uses these rate limiters in built-in features like "login throttling", +Symfony uses these rate limiters in built-in features like :ref:`login throttling `, which limits how many failed login attempts a user can make in a given period of time, but you can use them for your own features too. diff --git a/security.rst b/security.rst index 2cf429e6dd4..274aace86b4 100644 --- a/security.rst +++ b/security.rst @@ -1368,6 +1368,8 @@ Enable remote user authentication using the ``remote_user`` key: :ref:`the configuration reference ` for more details. +.. _security-login-throttling: + Limiting Login Attempts ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/security/custom_authenticator.rst b/security/custom_authenticator.rst index 4e38e01e82b..f78560d8340 100644 --- a/security/custom_authenticator.rst +++ b/security/custom_authenticator.rst @@ -168,6 +168,11 @@ can define what happens in these cases: useful for e.g. login forms, where the login controller is run again with the login errors. + If you're using :ref:`login throttling `, + you can check if ``$exception`` is an instance of + :class:`Symfony\\Component\\Security\\Core\\Exception\\TooManyLoginAttemptsAuthenticationException` + (e.g. to display an appropriate message). + **Caution**: Never use ``$exception->getMessage()`` for ``AuthenticationException`` instances. This message might contain sensitive information that you don't want to be publicly exposed. Instead, use ``$exception->getMessageKey()``
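Review bot: in the ``rate_limiter.rst`` hunk the new cross-reference reads ``:ref:`login throttling ``` with nothing after the link text, so as shown Sphinx would either fail to resolve it or treat "login throttling " as the label name; it should reference the label this same patch adds in ``security.rst``, i.e. ``:ref:`login throttling <security-login-throttling>```. If the target was dropped only by the rendering of this patch, it is still worth confirming that the label name matches exactly the ``.. _security-login-throttling:`` anchor defined in the ``security.rst`` hunk, since a mismatch would break the link silently in the built docs.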
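Review bot: the ``security/custom_authenticator.rst`` hunk has the same ``:ref:`login throttling ``` role with no target and should also point at ``<security-login-throttling>``. Separately, the added sentence suggests checking whether ``$exception`` is a ``TooManyLoginAttemptsAuthenticationException`` "to display an appropriate message"; since the **Caution** paragraph right below says never to expose ``$exception->getMessage()`` for ``AuthenticationException`` instances and to use ``$exception->getMessageKey()`` instead, it would help to state explicitly that the message shown for the throttled case should likewise come from ``getMessageKey()`` (or a fixed translation key chosen by the application), so the new paragraph is not read as an exception to that rule.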