Company
Date Published
Author
Justin McGuire
Word count
2093
Language
English
Hacker News points
2

Summary

The OpenAPI Specification v3.1.0 defines five security scheme types: apiKey, http, oauth2, mutualTLS, and openIdConnect. Security is described in three places: schemes are declared under `/components/securitySchemes`, and are then applied as security requirements either at the root `/security` key, which sets the default for every operation, or under a specific operation, which overrides that default (an explicit empty list removes security for that operation). Companies like Facebook, Dropbox, Twitter, GitHub, and Microsoft Azure use OAuth2 as their primary authentication method, while some, like GitHub, also accept Basic Authentication. The analysis of OpenAPI specs from the OpenAPI Directory found OAuth2 to be the most commonly used security type, with apiKey another popular choice, though one the author does not recommend because a static key is simple to issue and easy to leak and misuse. The study highlights the importance of using secure authentication methods such as OAuth2 and of avoiding insecure practices like Basic Authentication. It also emphasizes the need for well-maintained API documentation and the benefits of using a tool like liblab to generate SDKs with those best practices built in.
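The resolution rule above (root `security` is the default, an operation's own `security` overrides it, `[]` turns it off) is what a reviewer has to apply before deciding which scheme actually protects an endpoint. The script below is an added example, not code from the article or from liblab: it walks a small constructed OpenAPI 3.1 document (the spec, its scheme names and its paths are invented for illustration), counts the scheme types operations actually accept, and flags the things the article warns about, namely HTTP Basic, static API keys, unauthenticated operations, undefined or unused schemes, and OAuth2 scopes that no flow declares. It uses only the standard library so it runs offline.

```python
import json
from collections import Counter

HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch", "trace")

# Constructed sample spec for illustration; not taken from any real API.
SAMPLE_SPEC = json.loads(r"""
{
  "openapi": "3.1.0",
  "info": {"title": "Example API", "version": "1.0.0"},
  "components": {"securitySchemes": {
    "oauth": {"type": "oauth2", "flows": {"authorizationCode": {
      "authorizationUrl": "https://auth.example.com/authorize",
      "tokenUrl": "https://auth.example.com/token",
      "scopes": {"read": "Read access", "write": "Write access"}}}},
    "apiKeyHeader": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    "basic": {"type": "http", "scheme": "basic"},
    "unused": {"type": "mutualTLS"}
  }},
  "security": [{"oauth": ["read"]}],
  "paths": {
    "/items": {
      "get": {"responses": {"200": {"description": "ok"}}},
      "post": {"security": [{"oauth": ["write"]}, {"apiKeyHeader": []}],
               "responses": {"201": {"description": "created"}}},
      "delete": {"security": [{"oauth": ["admin"]}],
                 "responses": {"204": {"description": "deleted"}}}
    },
    "/legacy": {"get": {"security": [{"basic": []}],
                        "responses": {"200": {"description": "ok"}}}},
    "/public": {"get": {"security": [],
                        "responses": {"200": {"description": "ok"}}}}
  }
}
""")


def iter_operations(spec):
    """Yield (path, method) for every operation in the document."""
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method in item:
                yield path, method


def effective_requirements(spec, path, method):
    """Security requirements that apply to one operation.

    An operation-level `security` replaces the root-level default entirely;
    an explicit empty list means the operation is reachable with no credentials.
    """
    op = spec["paths"][path][method]
    return op["security"] if "security" in op else spec.get("security", [])


def scheme_types_in_use(spec):
    """Count scheme types by the alternatives operations actually accept."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    counts = Counter()
    for path, method in iter_operations(spec):
        for alternative in effective_requirements(spec, path, method):
            for name in alternative:
                counts[schemes[name]["type"]] += 1
    return counts


def audit(spec):
    """Return human-readable findings about weak or inconsistent security usage."""
    schemes = spec.get("components", {}).get("securitySchemes", {})
    findings, referenced = [], set()
    for path, method in iter_operations(spec):
        label = f"{method.upper()} {path}"
        reqs = effective_requirements(spec, path, method)
        if not reqs:
            findings.append(f"{label}: no security requirement (unauthenticated)")
        for alternative in reqs:
            for name, scopes in alternative.items():
                referenced.add(name)
                scheme = schemes.get(name)
                if scheme is None:
                    findings.append(f"{label}: references undefined scheme '{name}'")
                    continue
                if scheme["type"] == "http" and scheme.get("scheme", "").lower() == "basic":
                    findings.append(f"{label}: accepts HTTP Basic via '{name}'")
                if scheme["type"] == "apiKey":
                    findings.append(f"{label}: accepts static API key via '{name}' "
                                    f"({scheme['in']}:{scheme['name']})")
                if scheme["type"] == "oauth2":
                    # Scopes must be declared by at least one flow of the scheme.
                    declared = set()
                    for flow in scheme.get("flows", {}).values():
                        declared.update(flow.get("scopes", {}))
                    for scope in scopes:
                        if scope not in declared:
                            findings.append(f"{label}: scope '{scope}' not declared by '{name}'")
    for name in schemes:
        if name not in referenced:
            findings.append(f"scheme '{name}' is defined but never used")
    return findings


if __name__ == "__main__":
    print(dict(scheme_types_in_use(SAMPLE_SPEC)))
    for line in audit(SAMPLE_SPEC):
        print(line)
```

Pointing this at a real document from the OpenAPI Directory reproduces the article's tally per spec; the `audit` output is the checklist a reviewer would raise with the API owner before generating an SDK from it.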