These parameters represent the interface of definition customers or client to enter (login) into any electronic system and give the credentials (access rights allowed, denied, or audited for that trusted user) as different from one user to another, there are levels of management systems (access control)and also to ensure access only authorized persons for specific system this topic is very broad within topic "Access control list"
User and password is just the first step for the best security.
We need 3 factos of security
1 something you know (user and password)
2 something you own (like a physical key)
3 something you are ( like a fingerprint)
The leakage of passwords from home banking sites: A threat to global cyber security?
E-banking systems rely on browsers and other financial applications to provide a secure service. As this paper shows, however, many e-banking systems fail to provide the requisite level of confidentiality. This paper focuses on vulnerabilities related to the leakage of login information from the client side. It demonstrates that by using forensic techniques and tools, it was possible to acquire login-related data from a number of websites. This proves that important authentication data used in navigation activities remain on disk, posing a clear threat to confidentiality. https://www.henrystewartpublications.com/jpss/v11
this is easiest method to provide security inside the web based system. Generally web based system has different server which provide this mechanism also known as access/authentication server. This server request the user to fulfill the credentials, i.e., login name and password. Moreover, passwords are also not stored directly inside the database, they encrypted and only message digest is compared at the time of login process.