From the course: Programming Foundations: Secure Coding


Authentication and password issues


Authentication is not an easy operation when it comes to modern software. On paper, it looks very straightforward. User comes to your site, enters their username and password, and clicks submit. You then evaluate the username and password and determine if this is indeed the correct person and go from there. Simple, right? Well, not so fast. Authentication itself has many security implications. One such attack is an enumeration attack, which we've already discussed. If you provide separate messages when a wrong password is entered, versus when an unknown user enters your system, you are telling an attacker if they have the username correct or not. So, the key here is keep the messaging consistent. Another issue to address is the actual time it takes to perform authentication. This is a case where faster is not better. We're going to talk about cryptographic algorithms in a bit, but know that some hashing algorithms are slower than others, and when it comes to authentication, slow is…
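The consistent-messaging point above, as an added example that is not part of the course material: a login check that leaks which usernames exist, next to one that returns the same message for every failure. The user store, function names, messages and iteration count are constructed for illustration, and the dummy-record step (doing the same hashing work for unknown usernames) goes slightly beyond what the transcript states.

```python
import hashlib
import hmac
import os

# Constructed sample parameters; tune the iteration count for your hardware.
PBKDF2_ITERATIONS = 100_000
GENERIC_FAILURE = "Invalid username or password."


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, deliberately slow password hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


def make_record(password: str) -> dict:
    """Build a stored credential record with a fresh random salt."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed in-memory user store standing in for a real database.
USERS = {"alice": make_record("correct horse battery staple")}

# Placeholder record so unknown usernames cost the same hash work as known ones.
DUMMY_RECORD = make_record(os.urandom(16).hex())


def login_leaky(username: str, password: str) -> str:
    """Anti-pattern: distinct messages reveal which usernames exist."""
    record = USERS.get(username)
    if record is None:
        return "Unknown user."
    if not hmac.compare_digest(hash_password(password, record["salt"]), record["hash"]):
        return "Wrong password."
    return "Welcome."


def login_consistent(username: str, password: str) -> str:
    """Same message and same hashing work for every failed attempt."""
    record = USERS.get(username)
    reference = record or DUMMY_RECORD
    candidate = hash_password(password, reference["salt"])
    matches = hmac.compare_digest(candidate, reference["hash"])
    if record is None or not matches:
        return GENERIC_FAILURE
    return "Welcome."
```
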
