@Edent Let's assume the website doesn't have any rate-limiting protection (that would be the best defense mechanism against a time-based auth)
To test the 1M possible combinations in 1 minute, you'd need 16.6k req/s. It sounds like a lot, but you don't have to get it on the first try.
Dividing the problem space by N gives you 1/N chances of getting it right one time. Repeat that process 2*N times and you should get a good chance of getting in.
For N=1024, that's 1.5 days at 16req/s