Talk:Guide to Authentication
"When used in a single factor authentication method (for example, just a thumbprint with no username or password), biometrics are the weakest form of authentication available and are unsuitable for even moderate risk applications." Biometrics are still a better single factor auth method than a username/password based one which doesn't enforce password complexity or account lockout.
So I am removing that sentence. There are much worse implementations of single factor authentication.
I don't know if this is strictly true: " * Password change**
* Password resets**
(**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities) "
Perhaps it should read "Most medium and all high value systems should use more than one factor of authentication and should not rely exclusively on passwords."