Authentication
Also known as: auth, login, user sign-in, MFA
Definition
The security process of verifying who a user is, typically through usernames, passwords, or security codes.
The process of verifying the identity of a user, device, or system, typically by comparing credentials against a database record.
Why it matters
Authentication is the first line of defense for customer accounts. Poor authentication systems allow hackers to hijack user profiles, steal sensitive customer data, and perform fraudulent transactions, exposing your business to massive liabilities.
Improvement tips
- Encourage or require multi-factor authentication (MFA) to add an extra layer of protection beyond passwords.
- Use established third-party authentication services instead of coding your own security logic from scratch.
- Implement password strength requirements to help users create secure credentials.
Common mistakes
- Storing user passwords in plain text or using weak hashing methods in your database.
- Confusing authentication (verifying who you are) with authorization (verifying what you are allowed to do).
- Allowing infinite login attempts, which makes accounts vulnerable to automated guessing attacks.
Authentication flow
The security process of verifying who a user is, typically through usernames, passwords, or security codes.
Related terms
Quick check
What is the main purpose of authentication?
Choose an answer
Frequently asked questions
Do I need to understand authentication before I start my business?
When does authentication first become relevant for a new business?
How much does it cost to set up secure login systems?
Should I allow social logins like Google or Facebook on my app?
Why does authentication security matter for my running business?
What goes wrong when a business codes its own password storage?
How do I add multi-factor authentication without annoying my users?
How do I know if my website's login system is being attacked?
What does authentication actually mean in plain words?
Is authentication complicated or risky to set up?
Do I need a developer to set up user logins on my website?
What is the difference between authentication and authorization?
Sources: NIST Special Publication 800-63
Last reviewed: 2026-07-16