OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update Authentication_Cheat_Sheet.md #1280

Closed aiacobelli2 closed 7 months ago

aiacobelli2 commented 8 months ago

I've tried to add/correct the first 4 titles.

Thank you for submitting a Pull Request (PR) to the Cheat Sheet Series.

:triangular_flag_on_post: If your PR is related to grammar/typo mistakes, please double-check the file for other mistakes in order to fix all the issues in the current cheat sheet.

Please make sure that for your contribution:

If your PR is related to an issue, please finish your PR text with the following line:

This PR covers issue #.

Thank you again for your contribution :smiley:

aiacobelli2 commented 8 months ago

I'm a little concerned that this is too jargony. Cheat Sheets are meant to be easy to read and understand and I'm afraid this will be too hard for beginners to parse.

I understand, but I've seen lots of AppSec beginners who don't understand the basic difference between identification, authentication, digital identity, and identity proofing. This basic misconception keeps them from thinking properly about the subject. The same goes for user IDs and usernames.

For example, in this cheat sheet OAuth appears as an authentication framework, and this is just wrong.

szh commented 8 months ago

I do understand the concern, but I think we need to have a way of explaining the difference in a way that beginners can understand. This may be a matter of using simple language and the like. Technical definitions are definitely important but the purpose is different than that of a cheat sheet.

szh commented 8 months ago

@otkd I like your suggestions. @aiacobelli2 would you like to incorporate them and update the PR?

jmanico commented 8 months ago

I'm a little concerned that this is too jargony. Cheat Sheets are meant to be easy to read and understand and I'm afraid this will be too hard for beginners to parse.

I understand, but I've seen lots of AppSec beginners who don't understand the basic difference between identification, authentication, digital identity, and identity proofing. This basic misconception keeps them from thinking properly about the subject. The same goes for user IDs and usernames.

For example, in this cheat sheet OAuth appears as an authentication framework, and this is just wrong.

Your comment about OAuth is spot on, thank you for catching this!

jmanico commented 8 months ago

These changes are super important. We have big mistakes regarding how we define these core terms and I totally support this work. Thank you everyone!

jmanico commented 8 months ago

There are a few lint errors in the markup. Can you kindly fix those? I'll merge this soon after they are fixed.

jmanico commented 8 months ago

@jmanico I think we should wait to merge this until @otkd's suggestions are implemented.

You got it, I have a quick trigger-finger to merge, but I will wait! :)

jmanico commented 8 months ago

There are a few lint errors here but we are getting close!