Authentication verifies the identity of users and services.

• Use Multi-Factor Authentication (MFA)
• Do not ship default passwords; require password complexity and entropy
• Implement account lockout or delayed responses against brute-force attacks