The first point of contact most users have with your application is the login screen. It’s a ubiquitous interface, and approaches for handling authentication are legion. A plethora of options for authentication doesn’t mean it’s an easy practice, though. Together, we’ll review authentication from first principles, starting with password-based systems and diving deeper into defensive hashing techniques and the edge cases developers need to consider when protecting user data. We’ll also go deep into the secure remote password flow, leveraging the technique both from native PHP and a JavaScript client-side implementation.
By the end of this session, you will have learned:
How to advise your customers on password strength
How to enforce users are leveraging strong passwords
How to protect your application from brute-force bypass attempts
How to securely authenticate a user without ever seeing their password
About Eric Mann
Eric is a technical leader and software polyglot with over a decade of experience working on projects big and small. He leads data-based initiatives at Vacasa, working with both data science and data engineering to optimize business workflows and innovate on technical implementations to drive the team towards the future.
Nomad PHP
