The authentication category covers the main elements of modern authentication to confirm an entity and its claims are authentic and correct, resistant to impersonation and prevent interception of passwords.

The ASVS standard builds on the NIST 800-63b (https://pages.nist.gov/800-63-3/sp800-63b.html) specification for this section.

Authentication includes password policy, controls and storage, proper implementation of authenticators and proper implementation of out of band or one time verifiers.