finelybook
Password Authentication for Web and Mobile Apps: The Developer’s Guide To Building Secure User Authentication
by 作者: Dmitry Chestnykh
pages 页数: 142 pages
Publisher Finelybook 出版社: Independently published (28 May 2020)
Language 语言: English
ISBN-13 书号: 9788649303095
ASIN: B089CSW4HQ
Book Description
Authenticating users with passwords is a fundamental part of web and mobile security. It is also the part that’s easy to get wrong. This book is for developers who want to learn how to implement password authentication correctly and securely. It answers many questions that everyone has when writing their own authentication system or learning a framework that implements it.
Store passwords securely
What is the best password hashing function for your app?
How many by 作者: tes of salt should you use?
What is the optimal password hash length?
How to encode and store hashes?
When to pepper and encrypt hashes and how to do it securely?
How to avoid vulnerabilities in bcrypt,PBKDF2,and scrypt,and which Argon2 version to use?
How to update password hashes to keep up with Moore’s law?
How to enforce password quality?
Remember users
How to implement secure sessions that are not vulnerable to timing attacks and database leaks?
Why is it a bad idea to use JWT and signed cookies for sessions?
How to allow users to view and revoke sessions from other devices?
Verify usernames and email addresses
How to verify email addresses and why is it important? How Skype failed to do it and got hacked.
How to avoid vulnerabilities caused by 作者: Unicode?
How to disallow profanities and reserved words in usernames?
Add multi-factor authentication
How to implement two-factor authentication with TOTP and WebAuthn/U2F security keys
How to generate recovery codes? How long should they be?
How to rate limit 2FA and why not doing it breaks everything?
Also…
How to create accessible registration and log in forms?
How to use cryptography to improve security and when to avoid it?
How to generate random strings that are free from modulo bias?
The book applies to any programming language. It explains concepts and algorithms in English and provides references to relevant libraries for popular programming languages.
