Bot Detection and MFA
- Bot detectors analyze user behavior (e.g., rapid typing, unusual navigation patterns).
- Multi-Factor Authentication (MFA):
Even if credentials are leaked, the attacker can’t easily log in without the second factor (e.g., SMS, authenticator app).
Least Privilege Permissions
- Least Privilege Principle:
Every user, service, and program should operate with only the minimum privileges needed to perform their tasks.
- Benefit:
Limits the potential damage if a system is compromised.
- Example:
A web server should not have database admin rights unless necessary.
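The web-server example above, as an added sketch that is not part of the original notes: SQLite's authorizer callback stands in for the database GRANTs a real deployment would use, and the `web_app` role, table names and sample rows are all constructed for illustration.

```python
import sqlite3

# Constructed policy for a hypothetical "web_app" role: the only tables it
# may read from or insert into. Anything not listed is denied.
POLICY = {"web_app": {"read": {"products"}, "insert": {"orders"}}}

def make_authorizer(role):
    allowed = POLICY[role]
    def authorizer(action, arg1, arg2, db_name, source):
        # SQLite calls this while compiling each statement; for table-level
        # actions arg1 is the table name.
        if action == sqlite3.SQLITE_SELECT:      # the SELECT statement itself
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_READ and arg1 in allowed["read"]:
            return sqlite3.SQLITE_OK
        if action == sqlite3.SQLITE_INSERT and arg1 in allowed["insert"]:
            return sqlite3.SQLITE_OK
        return sqlite3.SQLITE_DENY               # default deny
    return authorizer

def open_as(role):
    # Schema and sample rows are created before the restriction is applied.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript("""
        CREATE TABLE products(id INTEGER PRIMARY KEY, name TEXT, price REAL);
        CREATE TABLE orders(id INTEGER PRIMARY KEY, product_id INTEGER, qty INTEGER);
        CREATE TABLE users(id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT);
        INSERT INTO products(name, price) VALUES ('widget', 9.99);
        INSERT INTO users(email, password_hash) VALUES ('a@example.com', 'constructed');
    """)
    conn.set_authorizer(make_authorizer(role))
    return conn

def attempt(conn, sql):
    try:
        conn.execute(sql).fetchall()
        return "allowed"
    except sqlite3.DatabaseError:                # raised when the authorizer denies
        return "denied"

def demo():
    conn = open_as("web_app")
    statements = [
        "SELECT name, price FROM products",                  # needed by the site
        "INSERT INTO orders(product_id, qty) VALUES (1, 2)", # needed by the site
        "SELECT email, password_hash FROM users",            # not the web tier's job
        "UPDATE products SET price = 0",                     # not the web tier's job
        "DROP TABLE orders",                                 # admin-only
    ]
    return {sql: attempt(conn, sql) for sql in statements}
```

If this connection were compromised, the damage would be bounded by the two allowed operations: the credential table stays unreadable and the schema stays intact.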