Design a secure authentication system for a modern web application. Cover password storage, session management, multi-factor authentication, and how you would protect against common attacks like credential stuffing and session hijacking.

Sample answer preview

Designing a secure authentication system requires addressing multiple attack vectors. Let me walk through a comprehensive approach. For password storage, never store passwords in plain text or with reversible encryption.