What are Authentication Vulnerabilities?

Authentication identifies the user and confirms that they are who they say they are.

There are multiple authentication mechanisms, as shown in the next photo.


Authentication vulnerabilities occur as a result of insecure implementation of the application.

First: weak password requirements

This is terrible because it makes your password easy to brute force.


Second: improper restriction of authentication attempts

This is terrible because it leaves the login page or the MFA page vulnerable to brute-force attacks.


Third: verbose error messages

This is terrible because the application now allows username enumeration attacks.
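The second and third weaknesses can be seen side by side in a login check. This is an added example, not code from the original page: the account, the messages and the policy values (5 failures per 300 seconds) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

def hash_password(password, salt):
    # Low iteration count keeps the demo fast; real deployments use far more.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample account, not from the original page.
SALT = os.urandom(16)
USERS = {"alice": (SALT, hash_password("correct horse battery", SALT))}
DUMMY = (os.urandom(16), os.urandom(32))  # compared against for unknown usernames

MAX_FAILURES = 5      # assumed policy values
LOCK_SECONDS = 300
FAILURES = {}         # submitted username -> (failure count, window start)
GENERIC_ERROR = "Invalid username or password"
LOCKED_ERROR = "Too many attempts, try again later"

def verbose_login(username, password):
    """Weak pattern: the message reveals whether the username exists."""
    if username not in USERS:
        return "Unknown user"
    salt, stored = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return "Wrong password"
    return "OK"

def hardened_login(username, password, now=None):
    """Same answer for every failure, plus a cap on attempts per username."""
    now = time.time() if now is None else now
    count, start = FAILURES.get(username, (0, now))
    if now - start >= LOCK_SECONDS:        # window expired, start over
        count, start = 0, now
    if count >= MAX_FAILURES:              # applies to unknown names too
        return LOCKED_ERROR
    # Always run the hash so unknown usernames cost the same time.
    salt, stored = USERS.get(username, DUMMY)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    if matches and username in USERS:
        FAILURES.pop(username, None)
        return "OK"
    FAILURES[username] = (count + 1, start)
    return GENERIC_ERROR
```

The counter here is keyed on the submitted username only, so limiting attempts per source address would be a separate control.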


Fourth: vulnerable transmission of credentials

This is terrible because if the data is transmitted over an HTTP service, that may leave the application vulnerable to man-in-the-middle attacks.


Fifth: insecure forgot password functionality

This is terrible because if the application relies on security questions to confirm that it's you, an attacker who does a little OSINT can get the answer from the user's social media.
