
Validating a password protection system

It is a good idea to do this when: It is generally not a good idea to use this method for widely and publicly available websites that will have an average user.


The user installs the certificate in a browser and then uses it to authenticate to the website.

Authentication is the process of verifying that an individual, entity or website is who it claims to be.

Passwords should, obviously, be case sensitive in order to increase their complexity. Occasionally, we find systems where passwords aren't case sensitive, frequently due to legacy system issues such as old mainframes that did not have case sensitive passwords.

Without this countermeasure, an attacker may be able to execute sensitive transactions through a CSRF or XSS attack without needing to know the user's current credentials.

Additionally, an attacker may get temporary physical access to a user's browser or steal their session ID to take over the user's session.

Authentication in the context of web applications is commonly performed by submitting a user name or ID and one or more items of private information that only a given user should know.

Session Management is a process by which a server maintains the state of an entity interacting with it.

A key concern when using passwords for authentication is password strength.

A "strong" password policy makes it difficult or even improbable for one to guess the password through either manual or automated means.

The following characteristics define a strong password:

Length: longer passwords provide a greater number of possible character combinations and consequently make it more difficult for an attacker to guess.
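As an added illustration of the two points above (length and case sensitivity), not code from the original page: a small policy check, a salted PBKDF2 store/verify pair that compares case-sensitively and in constant time, and a keyspace estimate showing how much a case-insensitive legacy system gives away. The minimum length of 12 and the three-of-four character-class rule are assumed thresholds, not values the page states.

```python
import hashlib
import hmac
import math
import os
import string
from typing import Optional, Tuple

MIN_LENGTH = 12          # assumed policy minimum; the page gives no number
PBKDF2_ITERATIONS = 600_000


def password_meets_policy(pw: str) -> bool:
    """Enforce the length rule plus at least three of four character classes (assumed rule)."""
    if len(pw) < MIN_LENGTH:
        return False
    classes = [
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ]
    return sum(classes) >= 3


def search_space_bits(length: int, case_sensitive: bool = True) -> float:
    """Bits of keyspace for a password of `length` drawn from printable ASCII.

    A legacy case-insensitive system effectively folds upper into lower case,
    so its alphabet loses the 26 uppercase letters.
    """
    alphabet = len(string.ascii_lowercase) + len(string.digits) + len(string.punctuation)
    if case_sensitive:
        alphabet += len(string.ascii_uppercase)
    return length * math.log2(alphabet)


def hash_password(pw: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is generated when none is given."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Case-sensitive verification with a constant-time digest comparison."""
    _, candidate_digest = hash_password(candidate, salt)
    return hmac.compare_digest(candidate_digest, digest)
```

Constructed check: the password "Correct-Horse-42!" verifies, its lowercased form does not, and twelve case-sensitive characters carry about 78 bits versus 73 when case is folded.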