Wednesday, August 4, 2021

Home / cyber knowledge / Technical Knowledge / Preventing Broken Authentication

Preventing Broken Authentication

by on in ,
Preventing Broken Authentication
Implement multi-factor authentication (credential stuffing, brute-force, and stolen
credential re-use attacks).

Implement weak-password checks, such as (admin/admin, user/password, and so on).

Set complexity, password length, and rotation policies.

Limit failed attempts and increase the delay for all failed login attempts. Log all failures, and alert administrators. This helps when credential stuffing brute-force, or other attacks are detected.

Use a server-side secure built-in session manager which helps generate a new random session ID after login. Ensure
that session IDs are not displayed in the URL, are securely stored, and are
invalidated after logout, idle, and absolute timeouts.

Preventing Broken Authentication
Author Image

About Vikash Bharal
alistarbot is a blogger resources site is a provider of high quality blogger template with premium looking layout and robust design. The main mission of templatesyard is to provide the best quality blogger templates.

Related Posts:
By on
Tags ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)