- eBook:Password Authentication for Web and Mobile Apps: The Developer's Guide To Building Secure User Authentication
- Author:Dmitry Chestnykh
- Data:May 28, 2020
- Pages:142 pages
Store passwords securely
- What is the best password hashing function for your app?
- How many bytes of salt should you use?
- What is the optimal password hash length?
- How to encode and store hashes?
- When to pepper and encrypt hashes and how to do it securely?
- How to avoid vulnerabilities in bcrypt, PBKDF2, and scrypt, and which Argon2 version to use?
- How to update password hashes to keep up with Moore’s law?
- How to enforce password quality?
- How to implement secure sessions that are not vulnerable to timing attacks and database leaks?
- Why is it a bad idea to use JWT and signed cookies for sessions?
- How to allow users to view and revoke sessions from other devices?
- How to verify email addresses and why is it important? How Skype failed to do it and got hacked.
- How to avoid vulnerabilities caused by Unicode?
- How to disallow profanities and reserved words in usernames?
- How to implement two-factor authentication with TOTP and WebAuthn/U2F security keys
- How to generate recovery codes? How long should they be?
- How to rate limit 2FA and why not doing it breaks everything?
- How to create accessible registration and log in forms?
- How to use cryptography to improve security and when to avoid it?
- How to generate random strings that are free from modulo bias?
Download Password Authentication for Web and Mobile Apps: The Developer's Guide To Building Secure User Authentication PDF or ePUB format free