diff --git a/2019/en/src/0xa2-broken-user-authentication.md b/2019/en/src/0xa2-broken-user-authentication.md index 0e5e90cfc..736baf005 100644 --- a/2019/en/src/0xa2-broken-user-authentication.md +++ b/2019/en/src/0xa2-broken-user-authentication.md @@ -65,7 +65,7 @@ within a few minutes. * Implement [account lockout][4] / captcha mechanism to prevent brute force against specific users. Implement weak-password checks. * API keys should not be used for user authentication, but for [client app/ - project authentication][5]. + project authorization][5]. ## References
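Review bot: On the changed line `project authorization][5]`, the link text now says authorization while the first half of the bullet still says "user authentication", so the sentence switches both the subject (user vs. client app/project) and the concept (authentication vs. authorization) in one contrast. Consider spelling out what the API key is meant to authorize, or splitting the bullet into two statements, so readers do not take it to mean that an API key alone grants permissions. The definition of reference `[5]` is outside this hunk; please confirm its target uses the same term as the new link text.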