Authentication is the process of verifying the identity of a given user or client. Weak Authentication refers to any situation in which the strength of the authentication mechanism is insufficient relative to the value of the assets it protects. It also covers situations where the authentication function itself is faulty or insecure.
Most vulnerabilities in authentication mechanisms arise in one of two ways:

- The authentication mechanisms are weak because they fail to adequately protect against brute-force attacks.
- Logic flaws or poor coding in the implementation allow the authentication mechanisms to be bypassed entirely by an attacker. This is sometimes referred to as "broken authentication".
Practices To Avoid Weak Authentication

Practices to avoid Weak Authentication vulnerabilities include:

- Adopting a strong password policy and enforcing it consistently across all applications.
- Using two-factor or multi-factor authentication.
- Integrating an industry-standard authentication framework.
- Adding risk-based authentication and escalating challenges as circumstances warrant.
- Ensuring that authentication is a precondition for access to all application resources.
- Keeping the authentication token secure and limited in lifetime.
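As an added illustration (not code from the original post), the following in-memory login service shows two of the practices above in working form: a failed-attempt counter with a lockout window to blunt brute-force guessing, and session tokens that expire. The class, constants and the injectable clock are assumptions made for the example; passwords are stored only as salted PBKDF2 hashes.

```python
import hashlib
import hmac
import secrets
import time

MAX_FAILURES = 5          # failed attempts allowed before lockout
LOCKOUT_SECONDS = 900     # lockout window (15 minutes)
TOKEN_TTL_SECONDS = 600   # session token lifetime (10 minutes)


def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256; the plaintext password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self, clock=time.time):
        self.clock = clock          # injectable for testing lockout/expiry
        self.users = {}             # username -> (salt, password_hash)
        self.failures = {}          # username -> (count, first_failure_time)
        self.tokens = {}            # token -> (username, expiry_time)

    def register(self, username: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = (salt, hash_password(password, salt))

    def _locked(self, username: str) -> bool:
        count, since = self.failures.get(username, (0, 0.0))
        return count >= MAX_FAILURES and self.clock() - since < LOCKOUT_SECONDS

    def login(self, username: str, password: str):
        """Return a session token on success; None on failure or lockout."""
        if self._locked(username):
            return None
        record = self.users.get(username)
        # Hash against a dummy record for unknown users so response time
        # does not reveal which usernames exist.
        salt, stored = record if record else (b"\0" * 16, b"\0" * 32)
        digest = hash_password(password, salt)
        if record is None or not hmac.compare_digest(digest, stored):
            count, since = self.failures.get(username, (0, self.clock()))
            if self.clock() - since >= LOCKOUT_SECONDS:   # window expired
                count, since = 0, self.clock()
            self.failures[username] = (count + 1, since)
            return None
        self.failures.pop(username, None)                 # reset on success
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (username, self.clock() + TOKEN_TTL_SECONDS)
        return token

    def authenticate(self, token: str):
        """Return the username for a valid, unexpired token; otherwise None."""
        entry = self.tokens.get(token)
        if entry is None:
            return None
        username, expiry = entry
        if self.clock() >= expiry:
            del self.tokens[token]                        # expired: revoke
            return None
        return username
```

A real deployment would persist the failure counters and tokens in shared storage and rate-limit by source address as well, since the per-username counter alone does not stop credential stuffing across many accounts.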