Broken Authentication, listed as A2:2017 in the OWASP Top 10 for 2017, occurs when an application implements authentication or session management incorrectly, letting an attacker compromise passwords, keys, or session tokens, or otherwise assume another user's identity. The result is account takeover or unauthorized access to the system. Common weaknesses include accepting weak or default passwords, no defence against credential stuffing and brute-force login attempts, storing passwords in plain text or with a fast unsalted hash, exposing session IDs in URLs, not issuing a fresh session ID after a successful login, and sessions that never expire or are not invalidated on logout or after a period of inactivity. To prevent this, require multi-factor authentication where possible, store passwords with a salted, slow hash, and use server-side session handling that generates random tokens, rotates them on login, and invalidates them on logout and after idle and absolute timeouts.
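The following is an added example, not code from the original page or from OWASP, showing what the prevention advice above looks like in practice: salted scrypt password storage with a constant-time comparison, random session tokens, token rotation at login (which defeats session fixation), idle and absolute timeouts, and server-side invalidation on logout. The names `SessionStore`, `hash_password`, `login` and the timeout values are hypothetical choices for the example; the user record is constructed inline.

```python
"""Added example (hypothetical names, not a specific framework): password
storage and session handling that addresses the Broken Authentication
weaknesses listed in the text."""
import hashlib
import hmac
import os
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple

IDLE_TIMEOUT = 15 * 60          # seconds without a request before a session dies
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap on session lifetime, regardless of activity


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted scrypt hash. Never store the plaintext or a fast unsalted hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=2 ** 14, r=8, p=1, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)  # constant-time comparison


# Pre-computed dummy record so a login attempt for an unknown username costs
# the same as a real verification (limits username enumeration via timing).
_DUMMY_SALT, _DUMMY_DIGEST = hash_password(secrets.token_hex(16))


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    """In-memory server-side session table; `now` is injectable for testing."""

    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits from a CSPRNG, not a counter or timestamp
        t = self._now()
        self._sessions[token] = Session(user, t, t)
        return token

    def lookup(self, token: str) -> Optional[str]:
        """Return the session's user, or None if unknown or expired (and then drop it)."""
        s = self._sessions.get(token)
        if s is None:
            return None
        t = self._now()
        if t - s.last_seen > IDLE_TIMEOUT or t - s.created > ABSOLUTE_TIMEOUT:
            del self._sessions[token]
            return None
        s.last_seen = t
        return s.user

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)  # server-side invalidation, not just cookie deletion


def login(store: SessionStore, users: Dict[str, Tuple[bytes, bytes]],
          username: str, password: str,
          pre_login_token: Optional[str] = None) -> Optional[str]:
    """Verify credentials and return a freshly issued session token, or None."""
    record = users.get(username)
    salt, digest = record if record is not None else (_DUMMY_SALT, _DUMMY_DIGEST)
    ok = verify_password(password, salt, digest) and record is not None
    if not ok:
        return None
    if pre_login_token is not None:
        store.logout(pre_login_token)  # rotate: any token that existed before authentication is discarded
    return store.create(username)


if __name__ == "__main__":
    # Constructed sample user; in a real system the record comes from the user store.
    users = {"alice": hash_password("correct horse battery staple")}
    store = SessionStore()
    anon = store.create("anonymous")
    tok = login(store, users, "alice", "correct horse battery staple", anon)
    print("old token still valid:", store.lookup(anon))   # None, it was rotated away
    print("new token maps to:", store.lookup(tok))        # alice
    store.logout(tok)
    print("after logout:", store.lookup(tok))             # None
```

The timeouts and scrypt parameters are illustrative; in production the session table lives in a shared store rather than process memory, and rate limiting of failed logins per account and per source address belongs in front of `login`, which this example does not implement.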