Book: Password Authentication for Web and Mobile Apps

Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and implement it in their apps.

It answers almost all questions that developers have about password authentication, such as how to store passwords securely, how to remember users, how to implement multi-factor authentication, etc.

Some other topics that it covers:

  • Email address validation.
  • Unicode issues in usernames, emails, and passwords.
  • Secure randomness and UUIDs.
  • U2F / WebAuthn.
  • JWT and signed cookies.
  • Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
  • Client-side password prehashing.
  • Rate limiting.
  • and more…

The book is available at

React Canvas — render React components to canvas

React.js is known for its virtual DOM, but as Facebook’s software engineer Bill Fisher said, the virtual DOM is only an implementation detail.

Last week we saw Facebook releasing React Native, which renders native OS components instead of DOM elements. Today Flipboard released React Canvas, a high performance React renderer for <canvas>.

Continue reading React Canvas — render React components to canvas

5 React.js + Flux tools

React.js is a revolutionary JavaScript library created by Facebook, described by its developers as “V in MVC”, that is, a view layer. Some time after its release, Facebook introduced Flux application architecture, which used React.js for UI views, and specified how to deal with everything else without MVC architecture shortcomings. Flux is a pattern, not a framework or a library, so there’s a whole field of implementations, helpers, frameworks based on Flux out there. In this article we introduce five of them.

Continue reading 5 React.js + Flux tools