Authentication and authorization Log-in screens protect the information stored in the application from public access. Even if someone gains access to a device, they’ll still have to know the right credentials to gain admittance to the application itself. Set up password rules to make sure your users are choosing passwords that will be difficult to guess. Many tools require passwords to be at least eight characters (although longer is better) and include a mix of uppercase and lowercase letters, symbols, and numbers. Along with authorization, you might consider adding multifactor authentication, also called two-factor authentication, to your app. With multifactor authentication, users will log in with their credentials and then get a code delivered to either their phone or email to confirm their identity. You should also think about automatically logging out the user after a certain period of inactivity.