Book: Password Authentication for Web and Mobile Apps

Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and implement it in their apps.

It answers almost all questions that developers have about password authentication, such as how to store passwords securely, how to remember users, how to implement multi-factor authentication, etc.

Some other topics that it covers:

  • Email address validation.
  • Unicode issues in usernames, emails, and passwords.
  • Secure randomness and UUIDs.
  • U2F / WebAuthn.
  • JWT and signed cookies.
  • Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
  • Client-side password prehashing.
  • Rate limiting.
  • and more…

The book is available at

React Canvas — render React components to canvas

React.js is known for its virtual DOM, but as Facebook’s software engineer Bill Fisher said, the virtual DOM is only an implementation detail.

Last week we saw Facebook releasing React Native, which renders native OS components instead of DOM elements. Today Flipboard released React Canvas, a high-performance React renderer for <canvas>.


Colors — default web palette replacement

Remember the good old web palette? Colors that have names in CSS: navy, green, maroon, red, etc.? Orange that was added in CSS Level 2? Well, they don’t look good anymore. Most designers don’t use these default colors, apart from maybe black and white; instead, they usually create unique color schemes for websites.

If you don’t want to spend a lot of time looking for a good color scheme for your new website, check out Colors, “a nicer color palette for the web”.


logutils — enhanced Go logging

The standard Go log package is pretty barebones, but is fine for many simple programs. For more complex applications, though, you’d probably want to have different log levels for different events. There are many logging packages, such as the previously covered log15, that implement log leveling and provide other features. HashiCorp’s logutils is something different.


Hint.css — pure CSS tooltips

While browsers have built-in support for tooltips, which can be added by setting the title attribute, unfortunately, such tooltips don’t look good and have a long delay before they appear. There are many JavaScript libraries for better looking and better behaving tooltips, for example, Bootstrap includes one. It turns out, though, that you can implement them with CSS alone, and that’s what Hint.css does.
