2 Standards for implementing authentication
This chapter covers
- Analyzing customer, employee, and partner preferences for authentication
- Discussing the standards that enable secure user authentication
- Identifying the technologies for securing sensitive application credentials
All applications, whether a million-line monolith or a thousand-line microservice, must solve the following four security problems:
- Securing communication channels
- User authentication
- Handling sensitive credentials, such as the API keys required to access external services
- Running the application securely in a cloud environment
In chapter 1, we explored how to secure communication channels with TLS—basically locking the door to your data so no one sneaks in. But what good is a locked door if you're handing out keys to just anyone? That’s where authentication comes in. In this chapter, we’ll dive into the tools and methods for solving authentication challenges. Why? Because you need to make sure the person knocking at your app's front door isn't a hacker in disguise—or worse, your ex trying to get into your Netflix account.
Think of authentication as the bouncer at a club. You wouldn’t want a bouncer who lets everyone in without checking IDs, would you? (Unless your app is a sketchy underground party, in which case… you do you.) By understanding the authentication landscape, you'll learn how to be that bouncer—who knows who belongs, who doesn’t, and who’s using a fake ID.