Authentication Testing

Credentials Transported over Unencrypted Channel

Default Credentials

Weak Lock-out Mechanism

Authentication Schema Bypass

Remember Password Functionality

Browser Cache Weakness

Weak Password Policy

Weak Security Question/Answer

Weak Password Change/Reset Functionality

Weaker Authentication in Alternative Channel