Authentication Flow Security Audit
Audit an authentication flow by reasoning through each security aspect.

Prompt:

Audit this authentication flow step by step.

Auth flow description: {{auth_flow}}
Tech stack: {{tech_stack}}
Sensitivity: {{data_sensitivity}}

Think through systematically:
1. CREDENTIAL HANDLING: How are passwords/tokens stored and transmitted?
2. SESSION MANAGEMENT: How are sessions created, validated, invalidated?
3. MFA: Is multi-factor authentication implemented? How?
4. BRUTE FORCE: What protections exist against credential stuffing?
5. TOKEN SECURITY: Are tokens properly signed? Expiry appropriate?
6. OAUTH/OIDC: If using OAuth, is the flow implemented correctly?
7. PASSWORD POLICY: Is the password policy strong enough?
8. ACCOUNT RECOVERY: Is the reset flow secure against account takeover?
9. LOGGING: Are auth events properly logged for auditing?
10. VULNERABILITIES: Check for common issues (session fixation, CSRF, etc.)
11. RECOMMENDATIONS: Prioritized list of security improvements.
Details
Category: Coding
Use Cases: Authentication security review; Security compliance audit; Identity system assessment
Works Best With: claude-opus-4.5, gpt-5.2, gemini-2.0-flash