Pistol's Plumbing & Maint. Inc.
Implementing strong authentication security for web-based applications before deployment to the user production environment is the ideal approach however, many projects take longer than expected so some applications are deployed without security policies in place, such as password quality, password expiration and strike counts. Password management is usually added later when a security audit uncovers an application as being non-compliant. To make a web-based application compliant, they need to decide whether to build or buy a complete authentication security solution.