Web Security: User Authentication and Access Control

LinkedIn Learning
Free Trial Available
English
Certificate Available
1-2 hours worth of material
Self-paced

Overview

Learn the fundamentals of verifying user authenticity, best practices for managing passwords and user logins, and how to prevent unauthorized access to web pages and actions.

User authentication plays a central role in almost everything we do online. From apps to hardware and websites, user accounts and logins are everywhere. Authentication is critical for verifying a user's identity online and for confirming permissions so individuals can perform privileged actions. In this course, instructor Kevin Skoglund teaches you how authentication works and how to implement it correctly when building web applications, walks you through some of the most common attacks, and shows you how to protect your site. He also demonstrates how to secure your own passwords and digital identity so you can work securely. This course is ideal for all developers, particularly those who are interested in authentication and security.

Syllabus

Introduction

  • Best practices for user authentication and access control

1. User Authentication

  • The importance of authentication
  • Authentication factors
  • Credentials
  • Multi-factor authentication
  • Pitfalls of multi-factor authentication
  • Biometric authentication

2. Passwords

  • Encryption and hashing
  • Brute force attacks
  • Speed and throttling
  • Dictionary attacks
  • Salted passwords
  • Strong passwords

3. Manage Passwords

  • Password requirements
  • Password theft and reuse
  • Password managers
  • Handle forgotten passwords
  • Use HTTPS and TLS

4. Access Control

  • Insecure references
  • Regulate access privileges
  • Cookies and sessions
  • Deny lists and geofilters
  • Single sign-on services
  • Deactivate user access

Conclusion

  • Next steps

Taught by

Kevin Skoglund