Modern applications frequently handle sensitive data, and so it is common practice for developers to implement varying layers of authentication to control access to the application. This also means that as a developer you can gather more detailed information about your users, e.g. through their email address, which can be used as a marketing tool.
In essence, authentication is the security process which requires a unique username and password to be entered by the user in order to access the application in full. This means that users can personalise their experience, and have greater confidence in the safety of any personal data which may be used and/or securely stored by the application.
Session management covers the processes the application uses to keep users safe whilst they are actually using it. A highly common example of this is the session timeout: if the user is inactive for a given period of time, or if they lock their device, the application logs them out. This is often used by financial applications where users carry out their personal and business banking through an official application.
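The idle timeout described above is easiest to understand as a small server-side session table. The following is an added example, not code from the original article: it keeps an opaque random session id, drops the session after a period of inactivity (the idle timeout), and also enforces a hard lifetime cap so that a session cannot be kept alive indefinitely by periodic activity. The timeout values and the injectable clock are assumptions chosen for illustration.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

IDLE_TIMEOUT = 15 * 60        # seconds of inactivity before the session is dropped (assumed value)
ABSOLUTE_TIMEOUT = 8 * 3600   # hard cap on session lifetime regardless of activity (assumed value)


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Server-side session table keyed by an opaque, unguessable session id."""

    def __init__(self, clock: Callable[[], float] = time.time):
        self._clock = clock            # injectable so expiry can be tested deterministically
        self._sessions: Dict[str, Session] = {}

    def create(self, user_id: str) -> str:
        """Start a session after a successful login and return the id to put in the cookie."""
        now = self._clock()
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not a counter or timestamp
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def touch(self, sid: str) -> Optional[str]:
        """Validate the session on every request; returns the user id, or None if expired/unknown."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        now = self._clock()
        idle_for = now - sess.last_seen
        age = now - sess.created_at
        if idle_for > IDLE_TIMEOUT or age > ABSOLUTE_TIMEOUT:
            self.invalidate(sid)       # expired sessions are removed, not just flagged
            return None
        sess.last_seen = now           # activity resets the idle clock only
        return sess.user_id

    def invalidate(self, sid: str) -> None:
        """Explicit logout, or the 'device locked' signal from the client."""
        self._sessions.pop(sid, None)

    def active_count(self) -> int:
        return len(self._sessions)


class FakeClock:
    """Constructed clock so the example (and its tests) can fast-forward time."""

    def __init__(self, start: float = 1_000.0):
        self.t = start

    def __call__(self) -> float:
        return self.t


if __name__ == "__main__":
    clock = FakeClock()
    store = SessionStore(clock)
    sid = store.create("alice")
    print("valid right away:", store.touch(sid))
    clock.t += 16 * 60                      # user walks away for 16 minutes
    print("after idle timeout:", store.touch(sid))
```

The two timers serve different purposes: the idle timeout limits what an unattended device exposes, while the absolute timeout bounds the damage of a session id that was copied while it was still being used.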
One of the most common causes of broken authentication is a weak password policy, which enables credentials to be easily worked out by hackers. It is also possible that your ‘Password Reset’ process, which developers prefer to automate, is not secure enough. For example, if all that pressing the ‘password reset’ button does is send a link to the user’s registered email address, or if the user only has to answer a pre-determined ‘secret question’, then it may be relatively easy for the account to be accessed by an outsider.
One simple way of tightening […]