Author
Mihir Patel
Word count
682
Language
English
Hacker News points
None

Summary

In today's software development ecosystem, third-party vendors such as Authentication-as-a-Service (AaaS) providers are becoming increasingly common, offering out-of-the-box capabilities to engineering teams. However, outsourcing authentication can introduce significant risk if due diligence isn't observed, as seen in the 2017 Equifax data breach. Performing due diligence involves a series of steps that require researching and testing a third-party vendor's capabilities, including its security standards, encryption policy, response to Common Vulnerabilities and Exposures (CVEs), ownership of responsibility in the event of a cyber attack, and compliance with industry regulations such as HIPAA and GDPR. Other aspects to consider include performance, engineering implementation effort, and pricing, which are explored further in the article "Performing Due Diligence on Authentication Vendors".