Password-Based Authentication Strategies
The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, implementing the technique both in native PHP and in a client-side JavaScript implementation.
By the end of this session, you will have learned:
- How to advise your customers on password strength
- How to enforce that users choose strong passwords
- How to protect your application from brute-force bypass attempts
- How to securely authenticate a user without ever seeing their password