[Question] Authentication
Posted
What do you guys think the best authentication method is? What would you use too?
I am thinking a server based authentication (Client to Server), however, the question comes in my head... What if someone just jumps the check... How do you practically make authentication secure from the client side? I may just be overthinking it.
Ty for rep: Swiney, Byoke, Lion, Locust, Waves, Weeb, Nickk, darkn, Atari, CubeFaces, Lux14, Rice, Delta, Syraxes, Aeon, Jordan, Pluto, and Hiroku!
P.S, I like cats better too!
Replied
Interesting question, Murz. The best method of authentication really depends on what you're going to use it for, and what you need. I'm going to use password-based authentication as an example. It's the most common method of authentication. You can just provide a password to access something, although passwords can be weak and guessable, making this less secure than other methods. Although you could use certain requirements to make it more secure, such as requiring an uppercase, lowercase and special character. Maybe include a number. It's up to you.
However, two-factor authentication combines user knowledge, such as a password, with something the user must retrieve, such as a token from an app that changes on an interval.
Last, but not least: Public key infrastructure. PKI is a method which uses a public key infrastructure to exchange keys for authentication. It's usually extremely secure. You'll most likely find this being used in secure communication protocols such as SSL/TLS.
To answer your last question, you may want to enforce a secure password policy as I mentioned before. You could also force regular password changes. Be sure to encrypt all information, and utilize access control.
If you want to be as secure as possible, I suggest multi-factor authentication.
Good luck on whatever you're working on.
I am not very proficient in English, so I use AI to improve it.
Replied
Thank you for the amazing advice and good wishes!
This does answer most of my questions, I was thinking mainly for mine you have a password with three security questions of your choice with also a 2fa code if you would like one.
You make valid points for every topic you covered, I will also be encrypting/hashing data depending on how valuable it is. I will achieve this by using custom encryptions and sorts to try and make it a tad bit safer.
My main concern is someone just being able to jump through the checks and stuff, that is what I am really worried about. Do you have any thoughts on that?
Replied
next js + next-auth + prisma + trpc is a pretty good stack
Replied
@intristic_roast,
Thanks for the reply Nickk. I understand this, however, I am curious about how to prevent people from jumping over the check. For example here,
    if server.response == "true" then ; 0x300202
        ....
    else ; 0x934093
        ....
    end
assembly:
    je 0x300202
    jmp 0x934093
    0x300202:
        ....
    0x934093:
        ....
Of course I am not great at reversing or anything, however they can just manipulate the jumps. Can't they? I wonder how to prevent this.
Added
I will look into that, thank you for what you recommend! It seems like a good option. :)
Added
@intristic_roast,
Alright, so I cannot do much. Got it, just add heavy obfuscation and such. Thanks, Nickk!
Added
@intristic_roast,
Yes. Anything made can be cracked and such as nothing is secure. Why is it not ideal though? Just because it can slow down users' experiences?
Added
@intristic_roast,
true.
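The post above worries about a client that branches on a "true"/"false" reply from the server. As an added illustration (not code from anyone in this thread), here is the server-side alternative to relying on that branch: the protected data is released only against a token the server signs and re-verifies on every request, so the client never holds anything worth skipping a check for. The names `login` and `fetch_secret`, the sample account and the token layout are hypothetical.

```python
import hashlib
import hmac
import os
import time

SERVER_KEY = os.urandom(32)   # signing key, never shipped to the client
TOKEN_TTL = 900               # seconds a session token stays valid


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


# Constructed sample data: one account and the value the check protects.
_salt = os.urandom(16)
USERS = {"alice": (_salt, hash_password("correct horse battery", _salt))}
SECRETS = {"alice": "licensed feature data"}


def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()


def login(user: str, password: str, now: float):
    """Server side: return a signed, expiring token, or None on failure."""
    # Unknown users still cost one hash, so timing does not reveal them.
    salt, stored = USERS.get(user, (b"\0" * 16, b""))
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return None
    payload = f"{user}|{int(now) + TOKEN_TTL}"
    return f"{payload}|{_sign(payload)}"


def fetch_secret(token, now: float):
    """Server side: every protected request re-verifies the token here."""
    try:
        user, expiry, sig = token.split("|")
        expected = _sign(f"{user}|{expiry}")
        valid = hmac.compare_digest(expected, sig) and int(expiry) > now
    except (AttributeError, TypeError, ValueError):
        return None
    return SECRETS.get(user) if valid else None


if __name__ == "__main__":
    now = time.time()
    token = login("alice", "correct horse battery", now)
    print("with token:   ", fetch_secret(token, now))
    print("without token:", fetch_secret(None, now))
```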
Replied
i like oauth iirc its the gmail login thingy
its quick and simple for the user
and most sites support it (jon should add)
!!!!!marcus__!!!!!#8611
Replied
I'll have to look into that. If I ever make a website login, I will definitely remember this, thanks!
Replied
@intristic_roast, yeah
Replied
@Kxhu, yea I don't really personally believe in trusting third parties to manage auth type stuff. I believe in making it myself, however, good recommendations.