CompTIA CySA+ CS0-003: Identification and authentication failures

Identification and authentication failures, also known as broken authentication, occur when an application's authentication has gaps: it permits brute forcing or other automated attacks, exposes the session identifier in the URL, reuses the session identifier after login, does not correctly invalidate session IDs, permits weak passwords, uses weak or ineffective credential recovery, and more.

The fixes are as simple as implementing strong multi-factor authentication to prevent automated credential stuffing or brute force attacks, implementing strong password requirements, limiting or delaying failed login attempts, using a server-side session manager for session IDs, and so on.
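Three of the fixes above (limiting failed logins, issuing a new session ID at login, and invalidating session IDs on the server) are sketched in the added example below, which is not part of the original notes. The class name `AuthService`, the lockout thresholds and the PBKDF2 round count are assumptions chosen for illustration.

```python
import hashlib, hmac, secrets, time

MAX_FAILURES = 5          # assumed policy: lock after 5 consecutive failures
LOCKOUT_SECONDS = 300     # assumed policy: 5-minute lockout
PBKDF2_ROUNDS = 600_000   # assumed work factor for the password hash

class AuthService:        # hypothetical in-memory service, for illustration
    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._users = {}     # username -> (salt, password hash)
        self._failures = {}  # username -> (failure count, locked-until time)
        self._sessions = {}  # session ID -> username (None before login)

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password):
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def new_session(self):
        sid = secrets.token_urlsafe(32)  # random ID; send in a cookie, never in a URL
        self._sessions[sid] = None
        return sid

    def login(self, sid, username, password):
        """Return a fresh session ID on success, None on failure or lockout."""
        now = self._clock()
        count, locked_until = self._failures.get(username, (0, 0.0))
        if now < locked_until:
            return None                  # locked out: do not even check the password
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            count += 1
            until = now + LOCKOUT_SECONDS if count >= MAX_FAILURES else 0.0
            self._failures[username] = (count, until)
            return None
        self._failures.pop(username, None)
        self._sessions.pop(sid, None)    # retire the pre-login ID
        new_sid = secrets.token_urlsafe(32)  # never reuse an ID across login
        self._sessions[new_sid] = username
        return new_sid

    def whoami(self, sid):
        return self._sessions.get(sid)

    def logout(self, sid):
        self._sessions.pop(sid, None)    # server-side invalidation
```

Because the session table lives on the server, a logged-out or pre-login ID that is replayed simply resolves to no user.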