9 User password management
This chapter covers
- Changing, validating, and resetting user passwords
- Resisting breaches with salted hashing
- Resisting brute force attacks with key derivation functions
- Migrating hashed passwords
In previous chapters you learned about hashing and authentication; in this chapter you learn about the intersection of these topics. Bob uses two new workflows in this chapter: a password-change workflow and a password-reset workflow. Once again, data authentication makes an appearance. You combine salted hashing and a key derivation function as a defense layer against breaches and brute force attacks. Along the way I show you how to choose and enforce a password policy. Finally, I’ll show you how to migrate from one password hashing strategy to another.
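To make the salted-hashing, key-derivation and migration ideas concrete before the Django views are introduced, here is an added example that is not from the book and not Django's own hasher code: a PBKDF2-SHA256 password store built only on the Python standard library, with per-password random salts, constant-time verification, and an upgrade-on-login path that rehashes any stored hash whose work factor falls below the current policy. The iteration count and the `algorithm$iterations$salt$hash` string layout are assumptions chosen for this example.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Work-factor policy assumed for this example (not a value taken from the book).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 100_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$hash' with a fresh random salt per password."""
    salt = salt if salt is not None else secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, encoded: str) -> bool:
    """Recompute the derivation with the stored salt/iterations and compare in constant time."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False
    _, iterations, salt_b64, hash_b64 = parts
    salt, expected = base64.b64decode(salt_b64), base64.b64decode(hash_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(encoded: str) -> bool:
    """True when the stored hash uses an older algorithm or a weaker work factor than policy."""
    algorithm, iterations, _, _ = encoded.split("$")
    return algorithm != ALGORITHM or int(iterations) < ITERATIONS


def verify_and_upgrade(password: str, encoded: str) -> Tuple[bool, str]:
    """Migration hook: on a successful login, re-encode a stale hash under current policy."""
    if not verify_password(password, encoded):
        return False, encoded
    return True, hash_password(password) if needs_rehash(encoded) else encoded
```

The plaintext is only available at login, so `verify_and_upgrade` is the point at which a stored hash can be migrated to a stronger work factor without forcing a reset.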
9.1 Password-change workflow
In the previous chapter you mapped a handful of URL paths to a collection of built-in Django views. You used two of these views, LoginView and LogoutView, to build an authentication workflow. In this section I show you another workflow composed of two more of these views: PasswordChangeView and PasswordChangeDoneView.