Authentication
122. Validate credential ownership237. Ascertain human interaction153. Out of band transactions238. Establish safe recovery225. Proper authentication responses264. Request authentication226. Avoid account lockouts319. Make authentication options equally secure227. Display access notification328. Request MFA for critical systems228. Authenticate using standard protocols334. Avoid knowledge-based authentication229. Request access credentials335. Define out of band token lifespan231. Implement a biometric verification component362. Assign MFA mechanisms to a single account235. Define credential interface368. Use of indistinguishable response time236. Establish authentication time382. Human in the loop