Book: Password Authentication for Web and Mobile Apps

Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and how to implement it in their apps.

It answers almost all the questions developers have about password authentication, such as how to store passwords securely, how to remember users, and how to implement multi-factor authentication.

Some other topics that it covers:

  • Email address validation.
  • Unicode issues in usernames, emails, and passwords.
  • Secure randomness and UUIDs.
  • U2F / WebAuthn.
  • JWT and signed cookies.
  • Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
  • Client-side password prehashing.
  • Rate limiting.
  • and more…

The book is available at https://dchest.com/authbook/

Bolt — an embedded key/value database for Go

If you want data persistence in your Go application, you’re most likely thinking of using some database. The easiest, and probably the most convenient for deployment, are embedded databases. There are many Go wrappers for C databases; however, Go developers usually prefer pure Go solutions.

Bolt is the way to go: it’s a pure Go embedded key/value database that is easy to use for persistence in your Go projects. Bolt is similar to LMDB, which many consider the best among state-of-the-art modern key-value stores. Just like LMDB, and unlike LevelDB, BoltDB supports fully serializable ACID transactions. Unlike SQLite, it doesn’t have a query language, and it is much easier to use for common tasks.

Bolt saves data into a single memory-mapped file on disk. It doesn’t have a separate journal, write-ahead log, or a thread for compaction or garbage collection: it deals with just one file, and does it safely.

Continue reading Bolt — an embedded key/value database for Go