Book: Password Authentication for Web and Mobile Apps

Password Authentication for Web and Mobile Apps is a new book for web and mobile developers who want to learn how secure password authentication works and implement it in their apps.

It answers almost all of the questions developers have about password authentication: how to store passwords securely, how to remember users, how to implement multi-factor authentication, and more.

Some other topics that it covers:

  • Email address validation.
  • Unicode issues in usernames, emails, and passwords.
  • Secure randomness and UUIDs.
  • U2F / WebAuthn.
  • JWT and signed cookies.
  • Five password hashing functions — PBKDF2, bcrypt, scrypt, yescrypt, Argon2 — and their issues and vulnerabilities.
  • Client-side password prehashing.
  • Rate limiting.
  • and more…

The book is available at https://dchest.com/authbook/