Interpreting OWASP prohibition: no sensitive-account login to any frontend interface
OWASP’s Authentication Cheat Sheet states unequivocally:
Do NOT allow login with sensitive accounts (i.e. accounts that can be used internally within the solution such as to a back-end / middle-ware / DB) to any front-end user-interface.