Back to Catalog
Owasp Security
top10_2025
A07:2025 - Authentication Failures
Weaknesses in identity verification including MFA, session management, and credential handling.
Intent & Description
'
🎯 Intent
Ensure reliable identity verification and protect authentication mechanisms from abuse.
📋 Context
Applications with weak authentication allow attackers to compromise passwords, keys, or session tokens. Issues include weak passwords, credential stuffing, improper session management, and missing MFA.
💡 Solution
Implement multi-factor authentication. Enforce strong password policies. Limit failed login attempts. Use secure session management. Never ship with default credentials. Implement proper password storage with modern hashing.'
Real-world Use Case
Use when implementing login systems, session management, API authentication, or any identity verification mechanism.
📌 TL;DR
Secure identity verification with MFA, strong passwords, rate limiting, and proper session management.
Advantages
- Prevents unauthorized account access
- Protects against credential attacks
- Supports regulatory compliance
- Reduces account takeover risk
Disadvantages
- MFA adds user friction
- Complex to implement across all authentication paths
- Session management edge cases