Some applications should use a second factor to check whether a user may perform sensitive operations.


A key concern when using passwords for authentication is password strength.

A "strong" password policy makes it difficult, or even improbable, for an attacker to guess the password by either manual or automated means.

The following characteristics define a strong password. Password length: longer passwords allow a greater number of character combinations and are consequently more difficult for an attacker to guess.

While minimum length enforcement may cause problems with memorizing passwords among some users, applications should encourage them to set passphrases (sentences or combination of words) that can be much longer than typical passwords and yet much easier to remember.

Passwords should, obviously, be case sensitive in order to increase their complexity.

Occasionally, we find systems where passwords aren't case sensitive, frequently due to legacy system issues like old mainframes that didn't have case sensitive passwords.

Authentication in the context of web applications is commonly performed by submitting a user name or ID and one or more items of private information that only a given user should know.

Session Management is a process by which a server maintains the state of an entity interacting with it.

Sessions should be unique per user and computationally very difficult to predict.