
Hacks – Authentication

Authentication is a prominent aspect of cyber security: it is end-user facing and is generally the first step in accessing most systems. A poorly configured authentication layer can be the difference between a secure application and a complete breach. While thankfully not all exploits are critical, access to a system administrator's account can be catastrophic. Identification and Authentication Failures is listed at number seven in the OWASP Top 10, falling from its previous number two position due to the widespread implementation of MFA and increased attention to security practices.

To improve the basic security of your systems:

  • Ensure that all your systems use multi-factor authentication, requiring at least a second form of proof to validate a user.
  • Implement strict password controls, including:
    • A minimum password complexity.
    • No password reuse.
    • Password expiration.
    • A blacklist of common words and phrases to prevent them from being used in user passwords.
  • Expire session tokens after a set period of time and on logout to avoid session hijacking.

There are many attack vectors that a malicious actor could use to breach your authentication layer. Insufficient MFA coverage is a recurring issue that affects many organisations: they implement multi-factor authentication on their primary site but neglect administrative portals. This oversight can expose critical systems to attacks such as brute forcing or credential stuffing.
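The password controls and session expiry listed above, as an added example that is not part of the original post: a policy check that enforces a minimum complexity, a blacklist of common words and a no-reuse history, and a session store whose tokens expire after a fixed lifetime and are invalidated server-side on logout. The blocklist contents, the 12-character minimum, the three-character-class rule and the 900-second lifetime are assumed values chosen for illustration.

```python
import hashlib
import secrets
import time

# Constructed blocklist; a real deployment loads a large list of common/breached passwords.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "summer2022"}

def history_digest(password: str) -> str:
    # Digest kept in the reuse-history list for comparison only; the live
    # credential itself should be stored with a slow, salted hash (argon2/bcrypt).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def password_issues(candidate: str, previous_digests, min_length: int = 12):
    """Return the policy violations for a proposed password; empty means accepted."""
    issues = []
    if len(candidate) < min_length:
        issues.append(f"shorter than {min_length} characters")
    classes = (any(c.islower() for c in candidate), any(c.isupper() for c in candidate),
               any(c.isdigit() for c in candidate), any(not c.isalnum() for c in candidate))
    if sum(classes) < 3:
        issues.append("fewer than three character classes")
    if any(word in candidate.lower() for word in COMMON_WORDS):
        issues.append("contains a blocklisted common word")
    if history_digest(candidate) in previous_digests:
        issues.append("reused from password history")
    return issues

class SessionStore:
    # Opaque session tokens that expire after a fixed lifetime and on logout.
    def __init__(self, ttl: float = 900.0, clock=time.time):
        self.ttl = ttl            # lifetime in seconds (assumed value)
        self.clock = clock        # injectable so expiry can be tested deterministically
        self._sessions = {}       # token -> (user, expiry timestamp)
    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)   # unguessable, 256 bits of entropy
        self._sessions[token] = (user, self.clock() + self.ttl)
        return token
    def resolve(self, token: str):
        # Returns the user for a live token, or None if unknown, expired or logged out.
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            del self._sessions[token]       # purge expired tokens, not just reject them
            return None
        return user
    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)     # server-side invalidation on logout
```

Session lifetime is checked on every lookup rather than trusted from the client, so a stolen token stops working once the server-side expiry passes or the user logs out.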
