This is a great little book - honestly, it's much better than I had judged based on the cover (I broke the cardinal rule!).
The book is a very quick read, at just 137 small-ish pages. The format is basically that of an "authentication handbook." It walks the reader through all the essential aspects of implementing a user registration and login/auth flow for any modern web/mobile app, including user registration, email verification, 2FA, and more. It's packed cover-to-cover with straight forward, practical advice, best practices, gotchas, security risks, common mistakes to avoid, etc. based on the author's years or real-world development experience.
While the book is quite straightforward and easy to read, it does assumes a level of experience and familiarity with both full-stack development and general authentication mechanics and concerns (i.e. hashing, encryption, secure password storage, etc.). If you have at least that minimal development background, then the content is actually an easy read. At the same time, it's quite technical in nature, offering tons of pragmatic advice and minute details about things like various levels/types of encoding, hashing, entropy, and so on.
The book doesn't include any code examples of actual _implementations_ - but the author discloses that up front. What he does include are recommendations and links to various encryption libraries and other resources (for the most popular languages – JS, Python, Java, Go, etc.).
My only complaint about this book is that it's mostly written in prose, meaning it's going to be hard to go back and quickly flip to a given page or detail as a reference later on (most of the great technical details are buried in conversational paragraphs of text, rather than code examples, tables, or callouts). Even so, worst case I'll just have to spend 4 hours to read the entire book again, haha... Not a problem!
If you're building a user authentication system, this is a great book to add to your library!
Report an issue with this product
