Quiz Entry - updated: 2026.06.20
What factors besides implementation issues can lead to broken authentication?
Automated attacks (credential stuffing, brute force), social engineering (phishing), and poor design (weak passwords, no rate limiting) all break auth even when the code itself is correct.
-
Automated attacks
- Credential stuffing (using leaked password lists)
- Brute force attacks
-
Social Engineering
- Phishing, pretexting
- Tricking users into revealing credentials
-
Poor design
- Weak password requirements
- No rate limiting
- Predictable session IDs
-
Implementation vulnerabilities
- SQL injection in login
- Timing attacks
- Insecure password storage
Key insight: Security is only as strong as the weakest link - technical controls alone aren't enough.