Web Application Authentication

Nitish singh
3 min read

Hey! I’m back with another exciting article, this time on authentication. Authentication is the process of verifying that a user is who they claim to be, so that data is only handed to the correct user. In web applications like simple landing pages we do not need authentication, because we share the same general information with everyone. However, when it’s an application where we want to save a user and his data, it becomes necessary to secure that data and authenticate the user before sending any of it.

The best authentication method for a web app depends on the app's security requirements. Some common methods include:

Username and password

A common server-side method in which we simply take a username and password from the user. The username and password are passed along in the request header and compared with the saved user records to find the matching user, whose data we can then return. The problem with this method is that anyone who has your username and password can access the account directly, with no further obstruction.
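The following is an added example, not code from the original article: it shows the server side of the username-and-password flow in Python, parsing the `Authorization: Basic` header the client sends and checking the password against a stored salted hash rather than the plaintext (the user table, the `alice` account and the iteration count are constructed for the example). Storing only a hash means a leaked user table does not directly hand out passwords, and the dummy record keeps login timing the same for unknown usernames.

```python
import base64
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256. Real deployments use a much higher
# count (or a memory-hard function); it is lowered here so the example runs fast.
PBKDF2_ITERATIONS = 50_000


def make_password_record(password: str) -> Tuple[bytes, bytes]:
    """Return (salt, hash) to store instead of the plaintext password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


# Constructed user table (hypothetical account); a real app loads this from its database.
USERS: Dict[str, Tuple[bytes, bytes]] = {
    "alice": make_password_record("correct horse battery staple"),
}
# Throwaway record used for unknown usernames, so a login attempt costs the
# same time whether or not the username exists.
_DUMMY_SALT, _DUMMY_HASH = make_password_record(secrets.token_hex(16))


def basic_auth_header(username: str, password: str) -> str:
    """What the client sends: 'Authorization: Basic base64(username:password)'."""
    token = base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def parse_basic_auth(header: Optional[str]) -> Optional[Tuple[str, str]]:
    """Extract (username, password) from the header value, or None if it is malformed."""
    if not header:
        return None
    scheme, _, payload = header.strip().partition(" ")
    if scheme.lower() != "basic" or not payload:
        return None
    try:
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    # The username cannot contain ':'; the password may, so split on the first one only.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def authenticate(header: Optional[str]) -> Optional[str]:
    """Return the authenticated username, or None if the credentials are rejected."""
    creds = parse_basic_auth(header)
    if creds is None:
        return None
    username, password = creds
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    # compare_digest does not leak how many bytes matched through timing.
    if username in USERS and hmac.compare_digest(candidate, stored):
        return username
    return None


if __name__ == "__main__":
    print(authenticate(basic_auth_header("alice", "correct horse battery staple")))  # alice
    print(authenticate(basic_auth_header("alice", "wrong")))  # None
```

Basic authentication only protects the credentials if the connection itself is TLS, since the header is merely base64-encoded, not encrypted.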

Two-factor authentication

A widely used method across many kinds of applications, in which two separate checks are combined to make sure it’s the correct user. The user first submits his username and password, and is then asked to present a second authentication factor, such as a phone, a pendrive or any other kind of factor he registered beforehand.

Biometric authentication

A method where the user proves his identity with biometrics such as fingerprints or facial recognition. The idea is that fingerprints, eyes and facial features are unique to everyone, so they make a convenient way to carry your identity as an authentication factor. A simple scan of your biometrics and you are good to go, but the problem here is that fingerprints can be copied and used without the user’s knowledge.

Certificates

A method where a trusted third party (a certificate authority) issues certificates that let the client verify the server’s identity and the server verify the client’s. The idea behind this is to make sure we are dealing with a verified peer on each side: the third party vouches for both sides and provides its approval.

  1. A user requests access to a protected resource.

  2. The server presents its certificate to the browser, which validates the public certificate.

  3. The server requests that the user authenticate themselves.

  4. The browser presents the user's certificate to the server for validation.

  5. The server authenticates the user's identity and grants access to the network.
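As an added example (not code from the article), this is what the server's side of that flow looks like with Python's `ssl` module: the context presents the server's own certificate, requires a client certificate chained to the trusted CA, and then maps the validated certificate to an account, which is the application's job once the handshake has succeeded. The file names, the CA name "Example Client CA" and the sample peer certificate dict are constructed for the example.

```python
import ssl
import time
from typing import Any, Dict, Optional


def make_mtls_server_context(cert_file: str, key_file: str, ca_file: str) -> ssl.SSLContext:
    """Server TLS context for the flow above: present our certificate and
    demand a client certificate signed by the CA in ca_file (hypothetical paths)."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    ctx.verify_mode = ssl.CERT_REQUIRED   # no valid client certificate, no handshake
    return ctx


def _rdn_value(name: tuple, attr: str) -> Optional[str]:
    # getpeercert() encodes subject/issuer as a tuple of RDNs, each a tuple of (type, value).
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def identity_from_peer_cert(peer: Optional[Dict[str, Any]], trusted_issuer_cn: str,
                            now: Optional[float] = None) -> Optional[str]:
    """Map a client certificate (dict as returned by SSLSocket.getpeercert()) to a username.

    The TLS layer has already checked the signature chain; this pins the issuing CA
    (the trust store may hold several) and re-checks expiry before trusting the subject.
    """
    if not peer:
        return None            # CERT_REQUIRED never yields an empty dict, but be explicit
    if _rdn_value(peer.get("issuer", ()), "commonName") != trusted_issuer_cn:
        return None
    if now is None:
        now = time.time()
    if now > ssl.cert_time_to_seconds(peer["notAfter"]):
        return None
    return _rdn_value(peer.get("subject", ()), "commonName")


# Constructed peer-certificate dict in getpeercert() layout (hypothetical CA and user).
SAMPLE_PEER: Dict[str, Any] = {
    "subject": ((("organizationName", "Example Org"),), (("commonName", "alice"),)),
    "issuer": ((("commonName", "Example Client CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2030 GMT",
    "serialNumber": "01",
}


if __name__ == "__main__":
    print(identity_from_peer_cert(SAMPLE_PEER, "Example Client CA"))  # alice
    # Wrapping a listening socket with the context would look like:
    #   ctx = make_mtls_server_context("server.pem", "server.key", "client-ca.pem")
    #   conn = ctx.wrap_socket(raw_conn, server_side=True)
    #   user = identity_from_peer_cert(conn.getpeercert(), "Example Client CA")
```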

One-time passwords (OTPs)

A very common method used by a lot of applications. The basic idea is that after verifying the user from his username and password we send a six or four digit passcode which is valid for a single use. The One Time Password (OTP) is sent to the user via an SMS text or by e-mail, and he provides it as additional proof of verification.
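As an added example (not from the original article), here is the server-side lifecycle of such a delivered OTP: generate the code with a CSPRNG, store only a hash bound to the username, deliver it through a sending callback, and enforce the three properties that make a short numeric code safe to use, single use, a short expiry, and a cap on wrong guesses. The sender, the fake clock, the user "alice" and the phone number are constructed stand-ins.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

OTP_DIGITS = 6
OTP_TTL_SECONDS = 300      # the code expires five minutes after it is sent
MAX_ATTEMPTS = 5           # wrong guesses allowed before the code is discarded


@dataclass
class PendingOtp:
    code_hash: bytes
    expires_at: float
    attempts_left: int = MAX_ATTEMPTS


class OtpService:
    """Issue and verify one-time codes delivered out of band (SMS or e-mail)."""

    def __init__(self, send: Callable[[str, str], None],
                 clock: Callable[[], float] = time.time) -> None:
        self._send = send          # send(destination, code): the SMS/e-mail gateway
        self._clock = clock        # injectable so expiry can be tested
        self._pending: Dict[str, PendingOtp] = {}

    @staticmethod
    def _hash(username: str, code: str) -> bytes:
        # Binding the username in keeps a code issued to one account from being
        # submitted for another. A 6-digit space is small, so the real defences
        # are the TTL and the attempt limit, not the hash.
        return hashlib.sha256(f"{username}:{code}".encode("utf-8")).digest()

    def issue(self, username: str, destination: str) -> None:
        code = f"{secrets.randbelow(10 ** OTP_DIGITS):0{OTP_DIGITS}d}"
        self._pending[username] = PendingOtp(self._hash(username, code),
                                             self._clock() + OTP_TTL_SECONDS)
        self._send(destination, code)   # the plaintext leaves only via the gateway

    def verify(self, username: str, submitted: str) -> bool:
        entry = self._pending.get(username)
        if entry is None:
            return False
        if self._clock() > entry.expires_at:
            del self._pending[username]
            return False
        entry.attempts_left -= 1
        ok = hmac.compare_digest(entry.code_hash, self._hash(username, submitted))
        if ok or entry.attempts_left <= 0:
            del self._pending[username]   # single use, and discard after too many guesses
        return ok


def demo(scenario: str) -> List[bool]:
    """Run one scenario against a fake clock and a fake sender (both constructed)."""
    outbox: List[Tuple[str, str]] = []
    now = [1_700_000_000.0]
    svc = OtpService(send=lambda dest, code: outbox.append((dest, code)), clock=lambda: now[0])
    svc.issue("alice", "+15550000000")
    real_code = outbox[-1][1]
    if scenario == "single_use":      # wrong guess, correct code, then a replay
        return [svc.verify("alice", "0000000"), svc.verify("alice", real_code),
                svc.verify("alice", real_code)]
    if scenario == "expired":         # correct code submitted after the TTL
        now[0] += OTP_TTL_SECONDS + 1
        return [svc.verify("alice", real_code)]
    if scenario == "lockout":         # MAX_ATTEMPTS wrong guesses burn the code
        results = [svc.verify("alice", "0000000") for _ in range(MAX_ATTEMPTS)]
        results.append(svc.verify("alice", real_code))
        return results
    raise ValueError(scenario)


if __name__ == "__main__":
    print(demo("single_use"))  # [False, True, False]
```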

Conclusion

These are some of the methods we use to authenticate users so that we can provide a safe and secure platform, one they can trust to keep their data safe. We will go further in depth in the next article; till then, share your thoughts and learn more about it. Thanks for reading!


Written by Nitish singh

A Software Engineer, Frontend Developer looking for opportunities to build myself