Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Best way to handle user account authentication and passwords

What is the best way to handle user account management in a system, without having your employees who have access to a database, to have access to the accounts.

Examples:

  1. Storing username/password in the database. This is a bad idea because anyone that has access to a database can see the username and password. And hence use it.

  2. Storing username/password hash. This is a better method, but the account can be accessed by replacing the password hash in the database with the hash of another account that you know the auth info for. Then after access is granted reverting it back in the database.

How does windows/*nix handle this?

like image 664
Brian R. Bondy Avatar asked Sep 13 '08 18:09

Brian R. Bondy


People also ask

What are the best practices for user authentication and password management?

13 best practices for user account, authentication, and password management, 2021 edition 1 Hash those passwords. My most important rule for account management is to safely store sensitive user information,... 2 Allow for third-party identity providers if possible. Third-party identity providers enable you to rely on a trusted... More ...

What is user authentication and how does it work?

User authentication systems verify that only authorized users can access cloud applications and company accounts. These systems are designed to ensure that only the right people can access the right business systems, and they offer a range of features which help to enhance basic username and password account security.

How do I authenticate a new user?

This is most simply achieved by asking the user to provide a common identifying detail, such as email address, phone, or username. If that data matches an existing user in your system, require them to also authenticate with a known identity provider and link the new ID to their existing account. 5. Don't block long or complex passwords

Are there any pitfalls with username and password authentication?

As you can see, username and password authentication still has some pitfalls, especially if done incorrectly. Luckily, there's a simple way to combat all of these challenges: multi-factor authentication.


3 Answers

This is a better method, but the account can be accessed by replacing the password hash in the database with the hash of another account that you know the auth info for.

There's really no way around this. Anyone who as write access to the password file has complete control of the computer.

like image 121
Chris Upchurch Avatar answered Oct 02 '22 20:10

Chris Upchurch


This was a common issue in UNIX many years ago, and was resolved by separating the user identity components (username, UID, shell, full name, etc.) from the authentication components (password hash, password hash salt). The identity components can be globally readable (and in fact must be, if UIDs are to be mapped to usernames), but the authentication components must be kept inaccessible to users. To authenticate a user, have a trusted system which will accept a username and password, and will return a simple result of "authenticated" or "not authenticated". This system should be the only application with access to the authentication database, and should wait for a random amount of time (perhaps between 0.1 and 3 seconds) before replying to help avoid timing attacks.

like image 39
stormlash Avatar answered Oct 02 '22 21:10

stormlash


I'd go with 2 but use some salt. Some pseudocode:

SetPassword(user, password)
    salt = RandomString()
    hash = Hashfunction(salt+password)
    StoreInDatabase(user, salt, hash)

CheckPassword(user, password)
    (salt, hash) = GetFromDatabase(user)
    if Hashfunction(salt+password) == hash
        return "Success"
    else
        return "Login Failed"

It is important to use a well known hash function (such as MD5 or SHA-1), implemented in a library. Don't roll your own or try implementing it from a book its just not worth the risk of getting it wrong.

@Brian R. Bondy: The reason you use salt is to make dictionary attaks harder, the attacker can't hash a dictionary and try against all the passwords, instead she have to take the salt + the dictionary and hash it, which makes the storage requierments expode. If you have a dictionary of the 1000 most commaon passwords and hash them you need something like 16 kB but if you add two random letters you get 62*62*16 kB ≈ 62 Mb.

Else you could use some kind of One-time passwords I have heard good things about OTPW but havent used it.

like image 41
Mr Shark Avatar answered Oct 02 '22 21:10

Mr Shark