Broken Authentication

Weak login or session handling lets attackers impersonate legitimate users.


What it is

Broken Authentication refers to weaknesses in login mechanisms, session management, or credential handling that allow attackers to impersonate legitimate users without holding their credentials legitimately. Typical causes include weak or breached-list passwords accepted without limit, no rate limiting against credential stuffing or brute force, missing multi-factor authentication, predictable or exposed session tokens, session IDs that are not rotated after login, and sessions that stay valid after logout or never expire.

Why it matters

Authentication failures directly undermine user identity protection: every downstream authorization decision trusts the identity authentication asserted. If attackers can bypass authentication controls, they inherit the access of the user they impersonate, including accounts, sensitive data, and, for administrative identities, functionality that often leads to full system compromise.

How to reduce risk

  • Enforce strong password, credential, and secret-rotation policies: reject known-breached passwords, store passwords with a slow salted hash, and rate-limit or lock out repeated failures
  • Implement multi-factor authentication for all privileged and customer logins
  • Secure session creation, rotation, storage, and expiration workflows: generate session IDs from a cryptographically secure random source, rotate the ID on login, keep session state server side with both idle and absolute timeouts, and invalidate the session on logout

Related Terms: Multi-Factor Authentication, Weak Authentication Configuration, Credential Harvesting

External Resources:

  • OWASP Top 10 – Identification and Authentication Failures: https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/