Reply To: OCU C)SP B Week 02 Lesson 04 Discussion
One of the top ten OWASP security principles is broken authentication. Broken authentication is crucial to control because attackers can detect it manually and exploit it using brute force and dictionary attacks. If an attacker finds the weaknesses in this broken authentication, then they can take control over an admin or multiple other accounts, which then allows them to infiltrate the network or system. To prevent this type of attack from happening, companies are starting to require two-factor authentication, which requires the user to use something they know, have, or are to access the account. This method of authentication is becoming more and more popular because, even though people are warned about these attackers, many still use simple passwords that the hackers can easily figure out and gain access to that person’s account and possibly more. By implementing two-factor authentication, people are forced to use something physical, whether biometric or some type of ID card or physical token.