Since 1999

Authentication and Access Control Overview

Background

Rietta has decades of experience working with web applications that must provide authentication. This is the most critical security service to get right, because user authentication and access control are the #1 issue on the OWASP Top 10.

To understand the central role authentication plays, consider this slide from one of our Cybersecurity for Developers presentations:

The Five Pillars of Cyber Security
The Five Pillars of Infosec are the key properties that define a potentially secure system. With the network perimeter effectively dead, the A, Authentication (and Access Control), is critical. © 2025 Rietta Inc.

The Right Tools for the Job

There are many steps necessary to determine whether a user access control system is set up in a standards-compliant way. For some organizations, using your cloud provider's Identity and Access Management (IAM, as AWS calls it; other providers may use a different name) may be a good option. Integrating with an authentication service via OAuth or JWT adds its own complexity. Rietta has the experience necessary to help your team select the best option as your solution grows.

When your system does perform password verification itself, you need to get the hashing algorithm right. If you are using bcrypt or Argon2, you are probably okay on that front. You can learn more about password hashes on our blog: What is the difference between bcrypt and SHA256?

However, there is so much more to it than just hashes.

NIST 800-63b Password Verifier Requirements

A very useful guidance document for a good password verifier is the Federal Digital Identity Guidelines: Authentication and Lifecycle Management. This standard has been out for some time now and is a very good guide, based on real-world data. Rietta has the experience necessary to help you align your practices to this standard.

Remediation Plan of Action

Suppose your assessment finds that your system does not use an appropriate password hashing algorithm, or has no mechanism to detect passwords that are known to have been breached. Rietta has the experience to guide you through remediation: we will work with your developers to define the appropriate requirements and test the implementation.
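As an added illustration (not Rietta's code) of the verifier checks the NIST guidance and the assessment findings above describe: a minimum and maximum length, a check against a breached-password corpus, and a salted, memory-hard password hash with a constant-time comparison. The breached corpus is constructed inline, the 64-character cap is an assumed policy choice, and scrypt from Python's standard library stands in for the bcrypt/Argon2 named on the page so the script runs without third-party packages.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed sample breached-password corpus, stored as SHA-1 hex digests the
# way public breach corpora are distributed. A real deployment would load a
# full corpus or query a range (k-anonymity) API instead of this small set.
BREACHED_SHA1 = {
    hashlib.sha1(p.encode("utf-8")).hexdigest().upper()
    for p in ("password", "123456789", "letmein12")
}

MIN_LEN = 8    # SP 800-63B: verifiers require at least 8 characters
MAX_LEN = 64   # SP 800-63B: verifiers must accept at least 64; cap assumed here

# scrypt cost parameters (assumed); 128 * r * n bytes of memory = 16 MiB
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def normalize(password):
    # NFKC so visually identical Unicode input always hashes the same way
    return unicodedata.normalize("NFKC", password)


def is_breached(password):
    digest = hashlib.sha1(normalize(password).encode("utf-8")).hexdigest().upper()
    return digest in BREACHED_SHA1


def check_policy(password):
    # Returns the reasons a password is rejected; an empty list means accepted.
    # No composition rules (mixed case, digits, symbols): SP 800-63B advises against them.
    pw = normalize(password)
    problems = []
    if len(pw) < MIN_LEN:
        problems.append("shorter than 8 characters")
    if len(pw) > MAX_LEN:
        problems.append("longer than 64 characters")
    if is_breached(pw):
        problems.append("found in breached-password corpus")
    return problems


def hash_password(password):
    # Fresh random salt per password; output is "scrypt$<salt hex>$<key hex>"
    salt = os.urandom(16)
    key = hashlib.scrypt(normalize(password).encode("utf-8"), salt=salt,
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return "scrypt$" + salt.hex() + "$" + key.hex()


def verify_password(password, stored):
    algo, salt_hex, key_hex = stored.split("$")
    if algo != "scrypt":
        return False
    key = hashlib.scrypt(normalize(password).encode("utf-8"), salt=bytes.fromhex(salt_hex),
                         n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN)
    return hmac.compare_digest(key, bytes.fromhex(key_hex))  # constant-time compare
```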

Next Steps

If you'd like to discuss your specific requirements, feel free to schedule a free consultation. We'll provide detailed information about our services and tailor a plan to meet your unique needs. You can reach us at our Atlanta office: +1 (770) 623-2059.
