Reply To: OCU C)SP B Week 02 Lesson 04 Discussion
One of the top 10 OWASP security principles is identification and authentication failures. Identification and authentication failures are number seven on the OWASP list. Identification and authentication are imperative to an organization's security. If a corporation does not have a secure authentication process, it leaves the company's data susceptible to attack from hackers. Some of the vulnerable areas that have been noticed in identification and authentication are missing multifactor authentication and the reuse of user IDs and passwords. There are many ways to prevent authentication or identification vulnerabilities. Listed on owasp.org are multiple ways to prevent identification or authentication hacking. One of the ways is to align password length, complexity, and rotation policies with the National Institute of Standards and Technology (NIST) guidelines; by doing this, it makes the password harder to identify and periodically reminds you to update your password. Another is to not ship or deploy with any default credentials, particularly for admin users. It's never good to use default credentials because they typically have easy-to-guess passwords or usernames, making them vulnerable to attacks. Also, ensure registration, credential recovery, and API pathways are hardened against account enumeration attacks by using the same messages for all outcomes. There are more options for preventing authentication failures, but I thought those were some of the most effective and commonly used methods.
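The three preventions the post lists (a NIST-aligned password length policy, refusing default credentials, and one identical message for every outcome of login, registration and credential recovery), as an added Python example that is not part of the original post; the user store, default-credential list and message strings are constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

# Hypothetical in-memory user store: username -> (salt, PBKDF2-SHA256 hash).
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _make_record(password: str):
    salt = os.urandom(16)
    return (salt, _hash(password, salt))

USERS = {"alice": _make_record("correct horse battery staple")}
# Well-known default pairs a deployment must never ship with (constructed list).
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root")}
# Dummy record so an unknown username costs the same hashing time as a real one.
_DUMMY = _make_record(secrets.token_hex(16))
MIN_LEN, MAX_LEN = 8, 64  # NIST SP 800-63B: at least 8 chars, accept at least 64

def password_policy_ok(password: str) -> bool:
    """NIST-aligned check: length is enforced, no composition rules or forced rotation."""
    return MIN_LEN <= len(password) <= MAX_LEN

def is_default_credential(username: str, password: str) -> bool:
    return (username, password) in DEFAULT_CREDENTIALS

def login(username: str, password: str):
    """Same message and same amount of work for 'no such user' and 'wrong password'."""
    salt, stored = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), stored)
    ok = match and username in USERS
    return ok, ("Login successful" if ok else "Invalid username or password")

def register(username: str, password: str):
    """Refuse weak or default credentials; never reveal whether the name is taken."""
    if not password_policy_ok(password) or is_default_credential(username, password):
        return False, "Password does not meet policy"
    created = username not in USERS
    if created:
        USERS[username] = _make_record(password)
    # Identical outcome text whether or not the username already existed.
    return created, "If the username was available, a confirmation email has been sent"

def request_reset(username: str) -> str:
    """Credential recovery: one message for existing and non-existing accounts."""
    # A real system would send mail only when the account exists; the caller
    # sees the same text either way, so it cannot enumerate accounts.
    return "If an account exists for that name, a reset link has been sent"
```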