With the rise of of credential stuffing and similar attack methods, simple username and password authentication is not enough to deter bad actors. According to the Verizon Data Breach Investigations Report, there were over 55,000 security incidents and 2,200 confirmed data breaches in 2018, with a whopping 81% of those incidents being tied to stolen or weak passwords. With the proliferation of data breaches and loss of consumer trust, enterprises must take a second look at the security posture of their web applications, starting with an exploration of more secure authentication methods. In this post, I will break down some of the most common authentication methods we see today, as well as some tips on how to best implement them. Authentication vs Authorization To be clear, when we talk about authentication, we are talking about the act of verifying an identity—making sure users are who they say they.