https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/03-Identity_Management_Testing/04-Testing_for_Account_Enumeration_and_Guessable_User_Account
The scope of this test is to verify if it is possible to collect a set of valid usernames by interacting with the authentication mechanism of the application.
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/04-Authentication_Testing/02-Testing_for_Default_Credentials
This link discusses the process of testing web applications for default credentials.
https://www.rcdevs.com/products/openotp/
OpenOTP is a phishing-resistant MFA solution.
https://access.redhat.com/solutions/68164
This Red Hat documentation gives administrators step-by-step instructions for configuring a lockout policy based on inactivity.
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/6/html/deployment_guide/ch-directory_servers
This link provides more information about using directory services within Red Hat.
https://www.rsa.com/products/securid/
Secure access to your extended enterprise with RSA SecurID Access, the leading multi-factor authentication and identity assurance solution.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blta5be14c7136a535f/5e9dde89db124263e8afce3d/password_construction_guidelines.pdf
This SANS guideline provides best practices for creating secure passwords.
https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/blt56ee6e15d78eb882/5e9ddf05d5a1cb709eee4a22/password_protection_policy.pdf
This is a sample password protection policy from SANS.
https://www.giac.org/paper/gsec/1852/network-security-authentication-applications-kerberos-public-key-infrastructure/103260
This document shows how to improve the security of a network through the use of authentication applications.
https://www.sans.org/white-papers/118/
This SANS whitepaper generalizes several authentication methods and authentication protocols.