A
A
Artyom2013-12-09 11:42:38
PHP
Artyom, 2013-12-09 11:42:38

What is the safest authentication method?

Hello!
The question arose, how to correctly and best implement authorization on your site? Is there any manual? On Habré, I saw how someone uses sessions, cookies and user ip. What other options are there?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
M
Mikhail Osher, 2013-12-09
@art_gur

Two-factor authentication with SMS.
Whoever has a device is in the house.

A
Alexander Kurganov, 2013-12-10
@akurganow

Some kind of vague question, for one site (almost personal 20+ users), I used this scheme, we store the login, md5 password and sha1 password, two tokens and a pin in the database. in the session we store the first token and login, in cookies the second token and login, if there is a first token, we let the login from the session go to the site, if not, we check if there is a second token, if there is, we ask for a pin, we create the first token using the correct pin and write it to session, if there is no second token, then we ask for a password. md5 and sha1 is a simple paranoia relief, collision is not possible, the algorithms do not require large investments of time and effort.

V
Vitaly Zheltyakov, 2013-12-09
@VitaZheltyakov

The safest way is using USB-token-a :)
Well, in a practical sense, authorization by login and password with cookies and sessions is enough.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question