Talk:Guide to Authentication

From OWASP
Jump to: navigation, search

"When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsuitable for even moderate risk applications." Biometrics is still a better single factor auth method than having a username/password based one which doesnt enforce password complexity or account lockout.

So I am removing that sentence. There are much worse implementations of single factor authentication.


I don't know if this is strictly true: " * Password change**

   * Password resets** 

(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) "

Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."