diff --git a/rate_limiter.rst b/rate_limiter.rst index c468025dc17..a99c01191af 100644 --- a/rate_limiter.rst +++ b/rate_limiter.rst @@ -360,6 +360,8 @@ the :class:`Symfony\\Component\\RateLimiter\\Reservation` object returned by the } } +.. _rate-limiter-storage: + Storing Rate Limiter State -------------------------- diff --git a/security.rst b/security.rst index e253dc68013..583f5e19f9a 100644 --- a/security.rst +++ b/security.rst @@ -1462,6 +1462,10 @@ You must enable this using the ``login_throttling`` setting: The ``login_throttling.interval`` option was introduced in Symfony 5.3. +Internally, Symfony uses the :doc:`Rate Limiter component ` +which by default uses Symfony's cache to store the previous login attempts. +However, you can implement a :ref:`custom storage `. + Login attempts are limited on ``max_attempts`` (default: 5) failed requests for ``IP address + username`` and ``5 * max_attempts`` failed requests for ``IP address``. The second limit protects against an
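Review bot: in the security.rst hunk, both cross-references in the added paragraph are shown without an explicit target: ``:doc:`Rate Limiter component ` `` and ``:ref:`custom storage ` `` each end in a trailing space where the ``<target>`` part would go. The ``:ref:`` should point at the ``rate-limiter-storage`` label that the rate_limiter.rst hunk adds, i.e. ``:ref:`custom storage <rate-limiter-storage>```, and the ``:doc:`` role needs its document path in the same form, otherwise neither link resolves. Separately, the sentence "which by default uses Symfony's cache to store the previous login attempts" could state the consequence for the limit described right below it: the ``max_attempts`` counters are only as shared and as persistent as that cache, so with a cache local to one server each server counts failed logins on its own. Saying so would tell readers when the custom storage link matters. A comma before "which" would also read better.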