Posts marked with “passwords”

Security Corner: Evaluating Password Strength

by · July 14, 2021


An application is only as strong as the authentication systems used to gate entry and protect the data it contains. So long as your users leverage passwords, the weakest link in your security stance is the strength of those passwords. This month we take a deeper look at the strength of passwords and guidance to keep your users’ data […]

 

Security Corner: Basics of Password Hashing

by · May 2, 2021


By Eric Mann. Every web application that allows users to authenticate needs to ensure their users’ credentials are afforded the best protection possible. Conventionally, this is done by storing only the hash of a password rather than the password itself. Luckily, password hashing in PHP is secure, safe, and remarkably straightforward to implement. Last month […]

 

Security Corner: Basics of Password Hashing

by · April 9, 2021


Every web application that allows users to authenticate needs to ensure their users’ credentials are afforded the best protection possible. Conventionally, this is done by storing only the hash of a password rather than the password itself. Luckily, password hashing in PHP is secure, safe, and remarkably straightforward to implement.

 

Security Corner: Cooking with Credentials

by · March 8, 2021


There are many ways to store user credentials for verification on the application side. Only a few of those ways—namely hashing—are considered secure. While an “older” topic, let’s look at how you should store passwords and why it’s vital for every developer to know how to handle sensitive data securely.

 

Unsupervised Learning

by · May 5, 2020


The cornerstone protocol for the global web is HTTP—a plain text, lightly structured thing. Despite its apparent simplicity, it does its one job exceedingly well. In the May issue, we dive into how HTTP to compose responses, look at how to protect API requests, read about decoupling website requests, wrap up our introduction to Machine […]

 

Passwordless Authentication

by ·


Passwords are part of our everyday life. You may not even think about them most of the time, that is until you forget one. What if you never had to use a password again? What if I told you it was more secure not to have a password? Would you believe me? Find out why […]

 

Security Corner: Credentials and Secrets Management

by · June 5, 2019


Managing passwords in userland is complicated. Luckily, consumer tools like 1Password and LastPass make it easier than ever to protect user credentials. Unfortunately, this doesn’t help with the credentials used by our servers or code. The ways developers manage application credentials are legion; some are right, others fatally flawed.

 

Security Corner: Adventures in Hashing

by · December 11, 2018


Cryptographic primitives we discussed at a hackathon were hashes, and it’s useful to take a more in-depth look at what they are and how to use them in PHP.

 

Security Corner: Secure Tokens

by · August 3, 2018


Any application aimed at presenting users with a premium, seamless UX must take account of the times when user authentication fails. What happens when a user forgets their password? What can we do to confirm sensitive operations using email or other out-of-band communication? How can we make an application easy to use while also keeping […]

 

Security Corner: Secure Remote Password Authentication

by · July 2, 2018


A solid practice in protecting user credentials is to never store passwords in plaintext on the server. Modern content management systems and PHP frameworks leverage strong one-way functions to store only hashes of passwords. This technique protects your users should your database ever be breached by an attacker. An even stronger mechanism, however, would never […]