Considerations for Securing Log-in?
Posted by archworx on April 18, 2007
Someone was asking us about what factors to consider in order to develop a “secure” log-in component. Off the top of my head, I could think of the following rules of thumb that you should honour, assuming 1-factor security:
1. You really should communicate over SSL
2. You should also never transfer any credentials in the query string (neither username, nor password, nor any token of any sort)
3. Also, make sure that the password is never stored in plain text in your data repositories – you must always store its hash generated using a one-way hashing function. Being one way means that you can never go back the other way and retrieve the plain text password from the hash.
This means that you can never retrieve the password from the hash, so in order to verify it, you must take the newly provided password and hash that too, then compare both hashes to verify if they are identical. You can never do the comparison based on the plain-text of the password itself.
This is important because it illimates the risk that the admin will be able to find out what the plain-text password is by reversing the encryption function. From an algorithmic perspective, it is not acceptable to just “rely on the trustworthiness of the administrator” 🙂
4. At the same time, it is recommended that you use a “salt” to encrypt the password, or some other strong form of encryption.
I’m sure there may be others, but I can’t think of any more now – What else should we look for?