The cyber world of today is plagued with hacks and breaches in the security and accounts of internet user, or users of other digital facilities. This breach in security is one pertinent issue that the online community seeks to resolve, for the protection of users’ data and other vital details. In recent years, there had been issues of hacks into users’ account on various internet platforms, with hackers frolicking with data, funds, information, privacy amongst many other important content of such accounts. In a bid to curb this menace, tech giants and other digital service providers intensified on Authentication, which has been a method of securing users’ details and confirming access. Authentication, being the process or action of verifying the identity of a user or process, has gone a long way in ensuring the safety of details, in both hardware or software facilities. It involves a user actually confirming his identity in a bid to access a piece of data, account, detail etc. either with the use of passwords, fingerprints, security questions etc. This bold step in the reduction of cyber-crimes is really the way to go, but just like any other process, it is not without issues. The various authentication procedures have shortcomings that make them vulnerable, what would literarily not be expected from a security infrastructure. This shows us that cyber security is still far from being perfect, and the tech world needs to work more on the credibility of this public key infrastructure. The under-listed are not the only issues that Authentication as a system faces, but they are the obvious ones that really call for immediate attention. Back-end breach: The Authentication system is not almighty, it has a back end, otherwise called the database, where data of users are stored, to which it refers to when it’s time for its function. No Authentication system in itself is a storage structure, but it relies on the data that has been previously imputed into it, and stored in a form of server. Whenever a user tries to access a system that is barricaded by the Authenticating system, the system queries data from the server, which it uses to confirm the identity of the intending user of the account or details. When the data that is been imputed by the current user that wants to log in matches the previously saved data, the authentication then is termed successful and the user has access. This system is secured on the front end, but the back end is vulnerable to breach, and this can be evidenced by the Equifax security breach. Information of users can also be stolen from this back end and used somewhere else. When information from this back end server is breached by hackers, they can use such to answer security questions on other platforms, especially when the user had used a generic security measure across many platforms for easy remembrance. This is an issue that needs to be addressed, the back end servers of authenticating systems need to be more secured. Unencrypted connections for data transfer: Most data transfer systems between the authenticating interface and the database server are unencrypted, and this exposes such data to a skilled third party that knows how to access such data. This data can even be spied on by operators of such structure, and can be used nefariously. Users who are oblivious of this weak system and provide such structure with details for authentication could be affected. Corruption or alteration of database: On not-too-common occasions, database of systems can experience technical glitches that might lead to it being corrupted or have it information altered. When this happens, another user can fake his way into the system, exploiting the original user’s details and even funds. Also, in a bid to access user’s data, viruses can be imputed into a server system, and this would compromise security, as data may be lost, rendering the security of user’s facility inactive for brief moments of potential hacks. Liable breach through browser caching: Browsers use caches in a bid to ease the accessibility of users to more frequented online spaces, thereby making user experience a wholesome one. This measure could be breached, as attackers could get a hold of users’ devices and access the same website or online space through cached credentials, compromising the details and privacy of users. The use of biometrics for further verification would have been the perfect solution for this potential breach, but that also has its con. False and coerced biometric verification: The whole essence of authentication is to protect users’ data and information from third party, as much as possible. But a user who has secured his access to facility with biometrics (fingerprints, facial recognition) could have it compromised if he is present to do the verification under duress – mainly at weapon point. The system would be unlocked, and the criminal has access to the system. This proves that the biometrics system provides ease of access, but it is still prone to compromise, and needs improvement. The use of AI and machine learning could suffice in making the system more secure, by detecting situations. But, would the system be developed to discover when a user is under threat, and refuse to allow access when all credentials have been imputed? Even at the risk of the user’s life? Furthermore, there are cases where criminals have obtained the parts of users that have been used in biometric authentication, and this has been used to access such locked structure. For example, a user that has barricaded access to a device or system with the use of fingerprints. When such a user visits a restaurant, his fingerprint can be lifted off the glass cup or any other surface he comes in contact with, and will be used to access his account or system. Conclusion: There are many more security issues that an authentication system can face, compromising its main objective of securing users’ data and access. Making authentication secure is a broad and complex area of security that needs to be critically and exhaustively catered for. There is the need for security structures to constantly update and cross check on service and running of both the hardware and software segment of the system, to ensure that premium service is delivered to users. Developers and operators need to be educated on cutting edge security practices as and when due to help user protect their data, and reduce the rate of cybercrime. Security is key, and it should be treated with all sense of urgency and importance.