V2.2 — General Authenticator Security
General Authenticator Security: 7 L3 requirement(s).

- V2.2.1: Verify that anti-automation controls are effective at mitigating breached credential testing, brute force, and account l...
- V2.2.2: Verify that the use of weak authenticators (such as SMS and email) is limited to secondary verification and transaction ...
- V2.2.3: Verify that secure notifications are sent to users after updates to authentication details, such as credential resets, e...

... and 4 more.

| Property | Value |
|---|---|
| Section | V2.2 |
| Owner | platform |

Mapped Controls

| Control | Title |
|---|---|
| SID-AUTH-01 | FIDO2/WebAuthn Passwordless Authentication |
| SID-ACCESS-02 | Rate Limiting and Brute-Force Protection |

Source: OWASP Application Security Verification Standard 4.0.3