What is broken authentication? It occurs when authentication mechanisms are improperly implemented, so that an attacker can log in or take over a session without knowing the legitimate credentials.

Examples

1. Weak Passwords

admin / 123456

2. Session Hijacking

Stealing session cookies: a cookie that is not marked HttpOnly can be read by any script running in the page, for example:

document.cookie

3. No Rate Limiting

Without rate limiting or lockout, brute force attacks against the login form become practical.

Real Attack

Attacker tries:

  • around 1000 passwords/min against one account
  • the application has no lockout system to stop this

Eventually gets access.
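The attack above leaves a clear trace in authentication logs: many failures from one source in a short window, sometimes followed by a success. The following detection logic is an added example written for this page (not code from the original); the log format and sample lines are constructed, and the threshold and window are assumed values that a real deployment would tune.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (hypothetical format, not from the original page).
# One source fails six times in six seconds and then succeeds; another has a
# single typo-style failure followed by a normal login.
SAMPLE_LOG = """\
2024-05-01T10:00:00 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:01 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:02 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:03 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:04 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:05 login FAIL user=admin src=203.0.113.7
2024-05-01T10:00:06 login OK   user=admin src=203.0.113.7
2024-05-01T10:00:30 login FAIL user=alice src=198.51.100.5
2024-05-01T10:05:00 login OK   user=alice src=198.51.100.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) login (?P<result>OK|FAIL)\s+user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse(log_text):
    """Parse the constructed log format into event dicts; unknown lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "src": m["src"],
        })
    return events


def find_bruteforce(events, threshold=5, window=timedelta(minutes=1)):
    """Return (src, peak_failures_in_window, success_after_burst) for every source
    that produced at least `threshold` login failures inside any `window`."""
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    alerts = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "FAIL"]
        # Sliding window over the failure timestamps: find the densest burst.
        start, peak = 0, 0
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            # A success after the last failure is the "eventually gets access" outcome
            # and should raise the alert's priority.
            last_fail_ts = fails[-1]["ts"]
            success_after = any(
                e["result"] == "OK" and e["ts"] > last_fail_ts for e in evs
            )
            alerts.append((src, peak, success_after))
    return alerts


if __name__ == "__main__":
    for src, count, got_in in find_bruteforce(parse(SAMPLE_LOG)):
        print(f"ALERT src={src} failures_in_window={count} success_after={got_in}")
```

The sliding window is what keeps this from firing on ordinary users who mistype a password once or twice across a day; only a burst of failures inside the window counts, and a success right after the burst is the signal that the guessing worked.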

Prevention

  • Strong password policies
  • Multi-Factor Authentication (MFA)
  • Session timeout
  • Rate limiting
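To make the prevention list concrete, here is an added example of a small login service (written for this page, not code from the original) that enforces a password policy at registration, locks an account after repeated failures, expires sessions after a timeout, and emits the session cookie with HttpOnly so script cannot read it. The thresholds, the tiny common-password denylist and the clock injection are assumptions for the demo.

```python
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for the demo; tune per deployment.
MIN_PASSWORD_LEN = 12
COMMON_PASSWORDS = {"123456", "password", "admin", "qwerty"}  # constructed; use a breach list in practice
MAX_FAILED = 5                  # failures before the account is locked
LOCKOUT_SECONDS = 15 * 60
SESSION_TIMEOUT_SECONDS = 30 * 60
PBKDF2_ITERATIONS = 100_000


class WeakPassword(ValueError):
    pass


def check_password_policy(pw):
    """Reject passwords like 'admin / 123456' before they are ever stored."""
    if len(pw) < MIN_PASSWORD_LEN:
        raise WeakPassword("password shorter than %d characters" % MIN_PASSWORD_LEN)
    if pw.lower() in COMMON_PASSWORDS:
        raise WeakPassword("password is on the common-password list")


def hash_password(pw, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)
    return salt, digest


@dataclass
class Account:
    salt: bytes
    digest: bytes
    failed: int = 0
    locked_until: float = 0.0


@dataclass
class Session:
    user: str
    expires_at: float


class AuthService:
    def __init__(self, now=time.time):
        self.now = now          # injectable clock so lockout/timeout can be tested
        self.accounts = {}
        self.sessions = {}

    def register(self, user, pw):
        check_password_policy(pw)
        salt, digest = hash_password(pw)
        self.accounts[user] = Account(salt, digest)

    def login(self, user, pw):
        """Returns (session_token, status); status is 'ok', 'invalid credentials' or 'locked'."""
        t = self.now()
        acct = self.accounts.get(user)
        if acct is None:
            return None, "invalid credentials"   # same message as a wrong password
        if t < acct.locked_until:
            return None, "locked"
        _, digest = hash_password(pw, acct.salt)
        if not hmac.compare_digest(digest, acct.digest):
            acct.failed += 1
            if acct.failed >= MAX_FAILED:
                acct.locked_until = t + LOCKOUT_SECONDS   # the lockout the attack relied on being absent
                acct.failed = 0
                return None, "locked"
            return None, "invalid credentials"
        acct.failed = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(user, t + SESSION_TIMEOUT_SECONDS)
        return token, "ok"

    def current_user(self, token):
        """Resolve a token to a user, dropping sessions past their timeout."""
        s = self.sessions.get(token)
        if s is None:
            return None
        if self.now() >= s.expires_at:
            del self.sessions[token]
            return None
        return s.user

    @staticmethod
    def set_cookie_header(token):
        # HttpOnly keeps document.cookie from reading it; Secure and SameSite limit where it is sent.
        return ("session=%s; HttpOnly; Secure; SameSite=Strict; Max-Age=%d"
                % (token, SESSION_TIMEOUT_SECONDS))


if __name__ == "__main__":
    svc = AuthService()
    svc.register("admin", "correct horse battery staple")
    for _ in range(MAX_FAILED):
        print(svc.login("admin", "123456"))
    print(svc.login("admin", "correct horse battery staple"))
```

Per-account lockout is the simplest form of rate limiting and stops the single-account guessing described above; a real deployment would add a per-source limit as well, because an attacker can spread attempts across many accounts. MFA is not shown here since it needs a second channel, but it would sit between a successful password check and the session being issued.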

Conclusion — Broken authentication is one of the easiest ways to compromise accounts.