2 Standards for implementing authentication


This chapter covers

  • Analyzing customer, employee, and partner preferences for authentication
  • Discussing standards that enable secure user authentication
  • Identifying the technologies for securing sensitive application credentials

All applications, whether a million-line monolith or a thousand-line microservice, must solve the following four security problems:

  • Securing communication channels
  • User authentication
  • Handling sensitive credentials such as API keys required to access external services
  • Running the application securely in a cloud environment

In chapter 1, we explored how to secure communication channels with TLS—basically locking the door to your data so no one sneaks in. But what good is a locked door if you're handing out keys to just anyone? That’s where authentication comes in. In this chapter, we’ll dive into the tools and methods for solving authentication challenges. Why? Because you need to make sure the person knocking at your app's front door isn't a hacker in disguise—or worse, your ex trying to get into your Netflix account.

Think of authentication as the bouncer at a club. You wouldn’t want a bouncer who lets everyone in without checking IDs, would you? (Unless your app is a sketchy underground party, in which case… you do you.) By understanding the authentication landscape, you'll learn how to be that bouncer—who knows who belongs, who doesn’t, and who’s using a fake ID.

2.1 Logging users in

2.1.1 Customer authentication

2.1.2 Employee authentication

2.1.3 Partner authentication

2.1.4 Phishing resistant authentication

2.1.5 Authentication technology from a developer’s perspective

2.1.6 Exercises

2.2 Securing application credentials

2.2.1 Exercises

2.3 Exercise Answers

2.4 Summary