Answer the question
In order to leave comments, you need to log in
What is the safest authentication method?
Hello!
The question arose, how to correctly and best implement authorization on your site? Is there any manual? On Habré, I saw how someone uses sessions, cookies and user ip. What other options are there?
Answer the question
In order to leave comments, you need to log in
Two-factor authentication with SMS.
Whoever has a device is in the house.
Some kind of vague question, for one site (almost personal 20+ users), I used this scheme, we store the login, md5 password and sha1 password, two tokens and a pin in the database. in the session we store the first token and login, in cookies the second token and login, if there is a first token, we let the login from the session go to the site, if not, we check if there is a second token, if there is, we ask for a pin, we create the first token using the correct pin and write it to session, if there is no second token, then we ask for a password. md5 and sha1 is a simple paranoia relief, collision is not possible, the algorithms do not require large investments of time and effort.
The safest way is using USB-token-a :)
Well, in a practical sense, authorization by login and password with cookies and sessions is enough.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question