Authentication and authorization

Force a complex password policy and use anti-automation to avoid credential stuffing attacks.

Usage of strong authentication mechanisms involving 2FA / MFA are recommended.

Require input validation on both the client and server side of your application.

Use role-based authorization with least privileges as default.