{"product_id":"password-authentication-for-web-and-dmitry-chestnykh-9798649303095","title":"Password Authentication for Web and Mobile Apps: The Developer's Guide To Building Secure User Authentication","description":"\u003cp\u003e\u003cb\u003eAuthenticating users with passwords is a fundamental part of web and mobile security. It is also the part that's easy to get wrong.\u003c\/b\u003e This book is for developers who want to learn how to implement password authentication correctly and securely. It answers many questions that everyone has when writing their own authentication system or learning a framework that implements it.\u003c\/p\u003e\u003cp\u003e\u003cb\u003eStore passwords securely\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eWhat is the best password hashing function for your app?\u003c\/li\u003e\n\u003cli\u003eHow many bytes of salt should you use?\u003c\/li\u003e\n\u003cli\u003eWhat is the optimal password hash length?\u003c\/li\u003e\n\u003cli\u003eHow to encode and store hashes?\u003c\/li\u003e\n\u003cli\u003eWhen to pepper and encrypt hashes and how to do it securely?\u003c\/li\u003e\n\u003cli\u003eHow to avoid vulnerabilities in bcrypt, PBKDF2, and scrypt, and which Argon2 version to use?\u003c\/li\u003e\n\u003cli\u003eHow to update password hashes to keep up with Moore's law?\u003c\/li\u003e\n\u003cli\u003eHow to enforce password quality?\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003cb\u003eRemember users\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eHow to implement secure sessions that are not vulnerable to timing attacks and database leaks?\u003c\/li\u003e\n\u003cli\u003eWhy is it a bad idea to use JWT and signed cookies for sessions?\u003c\/li\u003e\n\u003cli\u003eHow to allow users to view and revoke sessions from other devices?\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003cb\u003eVerify usernames and email addresses\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eHow to verify email addresses and why is it important? How Skype failed to do it and got hacked.\u003c\/li\u003e\n\u003cli\u003eHow to avoid vulnerabilities caused by Unicode?\u003c\/li\u003e\n\u003cli\u003eHow to disallow profanities and reserved words in usernames?\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003cb\u003eAdd multi-factor authentication\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eHow to implement two-factor authentication with TOTP and WebAuthn\/U2F security keys\u003c\/li\u003e\n\u003cli\u003eHow to generate recovery codes? How long should they be?\u003c\/li\u003e\n\u003cli\u003eHow to rate limit 2FA and why not doing it breaks everything?\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003e\u003cb\u003eAlso...\u003c\/b\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eHow to create accessible registration and log in forms?\u003c\/li\u003e\n\u003cli\u003eHow to use cryptography to improve security and when to avoid it?\u003c\/li\u003e\n\u003cli\u003eHow to generate random strings that are free from modulo bias?\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003eThe book applies to any programming language. It explains concepts and algorithms in English and provides references to relevant libraries for popular programming languages.\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eAuthor:\u003c\/b\u003e Dmitry Chestnykh\u003cbr\u003e\u003cb\u003eISBN-13:\u003c\/b\u003e 9798649303095\u003cbr\u003e\u003cb\u003ePublisher:\u003c\/b\u003e Independently Published\u003cbr\u003e\u003cb\u003eLanguage:\u003c\/b\u003e English\u003cbr\u003e\u003cb\u003ePublished:\u003c\/b\u003e 05\/28\/2020\u003cbr\u003e\u003cb\u003ePages:\u003c\/b\u003e 144\u003cbr\u003e\u003cb\u003eFormat:\u003c\/b\u003e Paperback\u003cbr\u003e\u003cb\u003eWeight:\u003c\/b\u003e 0.49lbs\u003cbr\u003e\u003cb\u003eSize:\u003c\/b\u003e 9.00h x 6.00w x 0.34d","brand":"Dmitry Chestnykh","offers":[{"title":"Paperback","offer_id":46928022831359,"sku":"9798649303095","price":29.99,"currency_code":"USD","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0662\/2982\/9887\/files\/img_00416836-9705-4d3c-a8a8-753d154f0d1b.jpg?v=1749373694","url":"https:\/\/www.whiterainbookhouse.com\/products\/password-authentication-for-web-and-dmitry-chestnykh-9798649303095","provider":"WR Book House","version":"1.0","type":"link"}