Overview#

Web Authentication should use WebAuthN.

Historic Web Authentication #

Web Authentication is about Authentication over:

• HTTP
• HTTPS
• WWW

Web Authentication methods SHOULD be performing Delegation and SHOULD NOT using Impersonation.

Web Authentication may be implemented using WEB Access Management technologies.

Web Authentication is often performed using LDAP Authentication.

Do Not Do Web Authentication#

Well, do not do it yourself. Use OpenID Connect or User-Managed Access.

If you must, then use only Known widely implemented APIs or SDKs for all Encryption and Hashing.

Best Practices Password#

Be sure to use Best Practices Password

MUST-READ LINKS About Web Authentication#

• OWASP Guide To Authentication
• OWASP Authentication Cheat Sheet
• Dos and Don’ts of Client Authentication on the Web (very readable MIT research paper)
• Wikipedia: HTTP cookie
• Personal knowledge questions for fallback authentication: Security questions in the era of Facebook (very readable Berkeley research paper)

More Information#

There might be more information for this subject on one of the following:

• Authentication cookie
• Best Practices Password
• WebAuthn Attestation Statement Format Identifier
• WebAuthn Extension Identifiers

---

• [#1] - The definitive guide to form-based website authentication - based on information obtained 2016-08-10