Moving From Authentication to Auditing

Posted

If we assume that someone out there, at some point in the future, will be able to get access to any web app we have credentials, then the next best thing to preventing them from logging in the first place is knowing about it when it happens.