The perfect last-minute gift

Password Authentication for Web and Mobile Apps: The Developer's Guide To Building Secure User Authentication (English Edition)

Double-tap to zoom
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.
USD 11.00 with 66 percent savings
Print List Price: USD 31.95
You will be charged EUR 9.47
Price includes VAT
Sold by Amazon Media EU S.à r.l..
You've subscribed to ! We will pre-order your items within 24 hours of when they become available. When new books are released, we'll charge your default payment method for the lowest price available during the pre-order period.
Update your device or payment method, cancel individual pre-orders or your subscription at
Your Memberships and Subscriptions
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Book details

  1. Print length
    144 pages

    Print length: 144 pages

    Real page numbers that match the print edition (ISBN B089CSW4HQ).
  2. Language
    English
  3. Accessibility
    Learn more
  4. Publication date
    27 May 2020
  5. File size
    2.2 MB
  6. Page Flip
    Enabled

    Page Flip: Enabled

    Page Flip is a new way to explore your books without losing your place.
  7. Word Wise
    Not Enabled

    Word Wise: Not Enabled

    Word Wise helps you read harder books by explaining the most challenging words in the book.
  8. Enhanced typesetting
    Enabled

    Enhanced typesetting: Enabled

    Enhanced typesetting improvements offer faster reading with less eye strain and beautiful page layouts, even at larger font sizes.
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Book overview

Authenticating users with passwords is a fundamental part of web and mobile security. It is also the part that’s easy to get wrong. This book is for developers who want to learn how to implement password authentication correctly and securely. It answers many questions that everyone has when writing their own authentication system or learning a framework that implements it.

Store passwords securely
  • What is the best password hashing function for your app?
  • How many bytes of salt should you use?
  • What is the optimal password hash length?
  • How to encode and store hashes?
  • When to pepper and encrypt hashes and how to do it securely?
  • How to avoid vulnerabilities in bcrypt, PBKDF2, and scrypt, and which Argon2 version to use?
  • How to update password hashes to keep up with Moore’s law?
  • How to enforce password quality?
Remember users
  • How to implement secure sessions that are not vulnerable to timing attacks and database leaks?
  • Why is it a bad idea to use JWT and signed cookies for sessions?
  • How to allow users to view and revoke sessions from other devices?
Verify usernames and email addresses
  • How to verify email addresses and why is it important? How Skype failed to do it and got hacked.
  • How to avoid vulnerabilities caused by Unicode?
  • How to disallow profanities and reserved words in usernames?
Add multi-factor authentication
  • How to implement two-factor authentication with TOTP and WebAuthn/U2F security keys?
  • How to generate recovery codes? How long should they be?
  • How to rate limit 2FA and why not doing it breaks everything?
Also…
  • How to create accessible registration and log in forms?
  • How to use cryptography to improve security and when to avoid it?
  • How to generate random strings that are free from modulo bias?
The book applies to any programming language. It explains concepts and algorithms in English and provides references to relevant libraries for popular programming languages.

About the author

Follow authors to get new release updates, plus improved recommendations.
Dmitry Chestnykh
Dmitry Chestnykh
Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Dmitry Chestnykh has been writing software for over twenty years, and now consults on applied cryptography and software security. He was a member of the Password Hashing Competition experts panel. He discovered and helped fix numerous vulnerabilities in commercial and open source apps, and wrote popular open source cryptography packages in JavaScript, Python, and Go. He created "I Write Like", a popular web site for writing analysis.

Dmitry's website is https://dchest.com

Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Product Information

ASIN B089B3CG6W
Publication date 27 May 2020
Edition 1st
Accessibility Learn more
Language ‎English
File size 2.2 MB
Screen Reader Supported
Enhanced typesetting Enabled

Enhanced typesetting: Enabled

Enhanced typesetting improvements offer faster reading with less eye strain and beautiful page layouts, even at larger font sizes.
X-Ray Not Enabled
Word Wise Not Enabled

Word Wise: Not Enabled

Word Wise helps you read harder books by explaining the most challenging words in the book.
Print length 144 pages

Print length: 144 pages

Real page numbers that match the print edition (ISBN B089CSW4HQ).
Page Flip Enabled

Page Flip: Enabled

Page Flip is a new way to explore your books without losing your place.

Customer reviews

4.4 out of 5 stars
15 global ratings

Top reviews from Spain

There are 0 reviews from Spain

Top reviews from other countries

  • noavarice
    5 out of 5 stars
    Verified Purchase

    Simple & clean about the most important aspects of password authentication

    Reviewed in the United States on 21 November 2021
    Format: Paperback

    It's a quite a short book, covering important things like password hashing, using emails to log in, account activation and so on. It can be used as encyclopedia to recollect something about password authentication

    Sending feedback...
    Thank you. We’ll investigate in the next few days.
  • Just Some Guy
    5 out of 5 stars
    Verified Purchase

    A Great Crash Course in Building Secure Login Flows

    Reviewed in the United Kingdom on 24 May 2022
    Format: Paperback

    This is a great little book - honestly, it's much better than I had judged based on the cover (I broke the cardinal rule!).

    The book is a very quick read, at just 137 small-ish pages. The format is basically that of an "authentication handbook." It walks the reader through all the essential aspects of implementing a user registration and login/auth flow for any modern web/mobile app, including user registration, email verification, 2FA, and more. It's packed cover-to-cover with straight forward, practical advice, best practices, gotchas, security risks, common mistakes to avoid, etc. based on the author's years or real-world development experience.

    While the book is quite straightforward and easy to read, it does assumes a level of experience and familiarity with both full-stack development and general authentication mechanics and concerns (i.e. hashing, encryption, secure password storage, etc.). If you have at least that minimal development background, then the content is actually an easy read. At the same time, it's quite technical in nature, offering tons of pragmatic advice and minute details about things like various levels/types of encoding, hashing, entropy, and so on.

    The book doesn't include any code examples of actual _implementations_ - but the author discloses that up front. What he does include are recommendations and links to various encryption libraries and other resources (for the most popular languages – JS, Python, Java, Go, etc.).

    My only complaint about this book is that it's mostly written in prose, meaning it's going to be hard to go back and quickly flip to a given page or detail as a reference later on (most of the great technical details are buried in conversational paragraphs of text, rather than code examples, tables, or callouts). Even so, worst case I'll just have to spend 4 hours to read the entire book again, haha... Not a problem!

    If you're building a user authentication system, this is a great book to add to your library!

    Sending feedback...
    Thank you. We’ll investigate in the next few days.
  • Anri
    5 out of 5 stars
    Verified Purchase

    Great book from a great developer

    Reviewed in the United States on 29 May 2020
    Format: Kindle Edition

    Well structured and educating, suitable for junior and senior developers. Filled gaps in my security practices knowledge for sure.

    Sending feedback...
    Thank you. We’ll investigate in the next few days.
See more reviews

How customer reviews and ratings work

Customer Reviews, including Product Star Ratings, help customers to learn more about the product and decide whether it is the right product for them.Learn more how customers reviews work on Amazon