Session

Creating secure authentication mechanisms

When creating an application, we often don't pay the necessary attention to the authentication process. We implement a simple form and start the session to keep the user logged in. Then, we proceed to what really matters to us: the "core" of our system.

But the login step is the main entrance to the system, and not spending the time it needs is why "Broken Authentication" ranks 2nd in the OWASP Top Ten Project of Web Application Security Risks.

That's why we need to learn how to create more secure authentication mechanisms, by:
- Really protecting against CSRF
- Creating a strong Two-Factor Authentication process
- Avoiding user enumeration
- Implementing secure "forgot my password" and "remember me" features

Vinícius Campitelli

DevRel @ FusionAuth

São Paulo, Brazil
