What would be considered a best practice around authenticating user activity?
If you try to update your password on your system backend, via a web interface, and you cann
