diff --git a/README.md b/README.md index 9262144b..e35c7c4f 100644 --- a/README.md +++ b/README.md @@ -886,6 +886,9 @@ security: password-bcrypt-base64: "JDJhJDEwJHRiMnRFakxWazZLdXBzRERQazB1TE8vckRLY05Yb1hSdnoxWU0yQ1FaYXZRSW1McmladDYu" ``` +**WARNING:** Make sure to carefully select to cost of the bcrypt hash. The higher the cost, the longer it takes to compute the hash, +and basic auth verifies the password against the hash on every request. As of 2022-01-08, I suggest a cost of 8. + #### OIDC (ALPHA) | Parameter | Description | Default | |:---------------------------------|:---------------------------------------------------------------|:--------------|
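Review bot: In the added WARNING paragraph, "select to cost" should read "select the cost", and the suggested cost of 8 does not match the example value in the context line just above it, whose base64 prefix `JDJhJDEw` decodes to `$2a$10$`, i.e. a cost of 10. Either regenerate the example hash at the suggested cost or state that the example uses 10. The paragraph also covers only the latency side of the tradeoff: a lower cost makes the hash cheaper to brute-force offline if the configuration file is ever exposed, so consider adding one sentence on that and recommending a long, random password when a low cost is chosen. For README text, "I suggest" would read better as project guidance, for example "a cost of 8 is suggested".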