# Authentication

## Overview

This section contains recommendations for the implementation of authentication mechanisms.

{% hint style="info" %}
Reuse existing authentication mechanisms to avoid duplication and attack surface expansion.
{% endhint %}

## General practices

| Authentication scheme                                   | Proof of identity                    | Pages                                                                                                                                                                   |
| ------------------------------------------------------- | ------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Authentication with login and password                  | `login` & `password`                 | [Authentication with Login and Password](https://0xn3va.gitbook.io/application-security-handbook/web-application/authentication/authentication-with-login-and-password) |
| Authentication with email and password                  | `email` & `password`                 | [Authentication with Login and Password](https://0xn3va.gitbook.io/application-security-handbook/web-application/authentication/authentication-with-login-and-password) |
| Authentication with a phone number and a one-time code  | `phone number` & `one-time password` | [Authentication with Phone Number](https://0xn3va.gitbook.io/application-security-handbook/web-application/authentication/authentication-with-phone-number)             |
| OAuth2 authentication                                   | `third-party system`                 | [OAuth 2.0 Authentication](https://0xn3va.gitbook.io/application-security-handbook/web-application/authentication/oauth-2.0-authentication)                             |
| Multi-factor authentication                             | `one-time password`                  | [Multi-factor Authentication](https://0xn3va.gitbook.io/application-security-handbook/web-application/authentication/multi-factor-authentication)                       |
