Cornucopia - Ecommerce Website - AT 5

Suit: Authentication

Card/Value: 5

Description:
Javier can use default, test or easily guessable credentials to authenticate, or can use an old account or an account not necessary for the application.

Technical Note:
No default (e.g. vendor), old, or test accounts should exist. Each user should have their own individual account, and accounts should only be issued and active for those people/systems that have been permitted access for the required need of their job/role. Put automatic time limits on temporary accounts. Review accounts periodically to check whether any need to be de-activated or deleted. Utilize strong passwords/phrases and/or implement multi-factor authentication, especially for accounts with more privileged access.
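The periodic account review described in the Technical Note can be automated against an export of active accounts. The following is an added example, not part of the original card or the Cornucopia project; the `Account` fields, the list of default names and the 90-day and 30-day thresholds are assumptions to be replaced by the application's own policy.

```python
from __future__ import annotations
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy values (hypothetical); the name check is a heuristic for review.
DEFAULT_NAMES = {"admin", "administrator", "root", "guest", "test", "demo"}
STALE_AFTER = timedelta(days=90)        # no login for this long -> review
TEMP_MAX_LIFETIME = timedelta(days=30)  # longest allowed temporary account

@dataclass
class Account:                    # one row of an export of *active* accounts
    username: str
    owner: str | None             # named person/system, None if unknown
    privileged: bool
    mfa_enabled: bool
    temporary: bool
    created: datetime
    expires: datetime | None
    last_login: datetime | None

def review(acct: Account, now: datetime) -> list[str]:
    """Return the findings for one account; empty if it passes the review."""
    findings, name = [], acct.username.lower()
    if name in DEFAULT_NAMES or name.startswith(("test", "demo")):
        findings.append("default-or-test-name")
    if acct.owner is None:
        findings.append("no-individual-owner")
    if acct.temporary:
        if acct.expires is None:
            findings.append("temporary-without-expiry")
        elif acct.expires - acct.created > TEMP_MAX_LIFETIME:
            findings.append("temporary-lifetime-too-long")
        elif acct.expires <= now:
            findings.append("temporary-expired-still-active")
    if now - (acct.last_login or acct.created) > STALE_AFTER:
        findings.append("stale")
    if acct.privileged and not acct.mfa_enabled:
        findings.append("privileged-without-mfa")
    return findings

def audit(accounts, now):
    """Map username -> findings for every account that needs attention."""
    return {a.username: f for a in accounts if (f := review(a, now))}

NOW = datetime(2024, 6, 1)  # constructed sample data below, not real accounts
SAMPLE = [
    Account("admin", None, True, False, False, datetime(2020, 1, 1), None, datetime(2024, 5, 30)),
    Account("j.smith", "J. Smith", False, False, False, datetime(2023, 1, 1), None, datetime(2024, 5, 20)),
    Account("contractor7", "A. Lee", False, False, True, datetime(2024, 4, 1), datetime(2024, 4, 20), datetime(2024, 4, 19)),
]
```

Calling `audit(SAMPLE, NOW)` reports `admin` and `contractor7` and omits `j.smith`, which passes every check.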
