Authentication and Security

 

Why Authentication ?

As we create our website or web app for users to use, then these users are going to generate data on the website.

Example: They might like some posts, they might interact with other users or might create messages, etc.

And to associate these data with the individual user, we need to create an account, for each user. So they would sign up with a user account and password. And we would create a kind of like ID card for them, to uniquely identify on the database, and to save data that they’ve generated onto the account. So when they come back to our website, they use their username and password and log into our website and be able to access all of those possibly private pieces of information. So this way you don’t end up with everybody being able to see the private messages you are sending.

Another reason to add authentication to your website is to restrict access to certain areas of your website depending on the status of the user.

Example: If you are using Spotify or Netflix and you charge a subscription for accessing a certain part of the website. Then once a user pays, you have to update their account in your database, to say that they have paid and they will be allowed to access TV shows or songs.

So these are some reasons to add authentication and it can be done in different ways. Creating a website where we sign-up and login users seem simple enough but the difficult part of the authentication comes from how secure you are going to make your website.

Here are some levels of authentication and security.

Level 1: Register user with username and password.

Level 2: Database encryption.

Level 3: Hashing.

Level 4: Salting and Hashing password with bcrypt.

Level 5: Add Cookies and sessions.

Level 6: oAuth 2.0 and how to implement sign-in with google.

More Resource :