Answer the question
In order to leave comments, you need to log in
A
A
Artyom2013-12-09 11:42:38
Artyom, 2013-12-09 11:42:38
What is the safest authentication method?
Hello!
The question arose, how to correctly and best implement authorization on your site? Is there any manual? On Habré, I saw how someone uses sessions, cookies and user ip. What other options are there?
3 answer(s)
@art_gur
@akurganow
@VitaZheltyakov
M
Mikhail Osher, 2013-12-09 @art_gur
Two-factor authentication with SMS.
Whoever has a device is in the house.
A
Alexander Kurganov, 2013-12-10 @akurganow
Some kind of vague question, for one site (almost personal 20+ users), I used this scheme, we store the login, md5 password and sha1 password, two tokens and a pin in the database. in the session we store the first token and login, in cookies the second token and login, if there is a first token, we let the login from the session go to the site, if not, we check if there is a second token, if there is, we ask for a pin, we create the first token using the correct pin and write it to session, if there is no second token, then we ask for a password. md5 and sha1 is a simple paranoia relief, collision is not possible, the algorithms do not require large investments of time and effort.
V
Vitaly Zheltyakov, 2013-12-09 @VitaZheltyakov
The safest way is using USB-token-a :)
Well, in a practical sense, authorization by login and password with cookies and sessions is enough.
Similar questions
A
K
J
Jam Zey2021-04-22 09:57:02
Where is the best place to store config files of applications in AWS?
2Reply
N
A
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question