Added random delay in forgot password to lessen the risk the response times can be use to determine whether the mail exist or not.

src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs

@@ -1,5 +1,6 @@
 using System.Globalization;
 using System.Security.Claims;
+using System.Security.Cryptography;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@@ -427,6 +428,8 @@ public class AuthenticationController : UmbracoApiControllerBase
             }
         }
 
+        await Task.Delay(RandomNumberGenerator.GetInt32(400, 2500));
+
         return Ok();
     }