Make it very easy for a user to be authenticated. Always ask for the minimum amount of information required to authenticate a user, unless the user has enabled additional layers of security such as two-factor authentication.
Leverage a platform’s native functionality such as fingerprint authentication on mobile devices.
Clearly show when authentication fails. Use clear concise error messaging to show validation errors.