USD 8.03 with 67 percent savings Tax included
Print List Price: USD 23.97 Image
Amazon Points: +13 pt (1%)
You will be charged JPY 1,250

Promotions apply when you purchase

These promotions will be applied to this item:

Some promotions may be combined; others are not eligible to be combined with other offers. For details, please see the Terms & Conditions associated with these promotions.

You've subscribed to ! We will preorder your items within 24 hours of when they become available. When new books are released, we'll charge your default payment method for the lowest price available during the pre-order period.
Update your device or payment method, cancel individual pre-orders or your subscription at
Your Memberships & Subscriptions
Added to

Sorry, there was a problem.

There was an error retrieving your Wish Lists. Please try again.

Sorry, there was a problem.

List unavailable.
Kindle app logo image

Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet, or computer - no Kindle device required.

Read instantly on your browser with Kindle for Web.

Using your mobile phone camera - scan the code below and download the Kindle app.

QR code to download the Kindle App

  • Password Authentication for Web and Mobile Apps: The Developer's Guide To Building Secure User Authentication (English Edition)

Follow the author

Get new release updates & improved recommendations
Dmitry Chestnykh
Follow
Something went wrong. Please try your request again later.

Password Authentication for Web and Mobile Apps: The Developer's Guide To Building Secure User Authentication (English Edition) Kindle Edition

English Edition by Dmitry Chestnykh (Author) Format: Kindle Edition
4.4 out of 5 stars (15)
Authenticating users with passwords is a fundamental part of web and mobile security. It is also the part that’s easy to get wrong. This book is for developers who want to learn how to implement password authentication correctly and securely. It answers many questions that everyone has when writing their own authentication system or learning a framework that implements it.

Store passwords securely
  • What is the best password hashing function for your app?
  • How many bytes of salt should you use?
  • What is the optimal password hash length?
  • How to encode and store hashes?
  • When to pepper and encrypt hashes and how to do it securely?
  • How to avoid vulnerabilities in bcrypt, PBKDF2, and scrypt, and which Argon2 version to use?
  • How to update password hashes to keep up with Moore’s law?
  • How to enforce password quality?
Remember users
  • How to implement secure sessions that are not vulnerable to timing attacks and database leaks?
  • Why is it a bad idea to use JWT and signed cookies for sessions?
  • How to allow users to view and revoke sessions from other devices?
Verify usernames and email addresses
  • How to verify email addresses and why is it important? How Skype failed to do it and got hacked.
  • How to avoid vulnerabilities caused by Unicode?
  • How to disallow profanities and reserved words in usernames?
Add multi-factor authentication
  • How to implement two-factor authentication with TOTP and WebAuthn/U2F security keys?
  • How to generate recovery codes? How long should they be?
  • How to rate limit 2FA and why not doing it breaks everything?
Also…
  • How to create accessible registration and log in forms?
  • How to use cryptography to improve security and when to avoid it?
  • How to generate random strings that are free from modulo bias?
The book applies to any programming language. It explains concepts and algorithms in English and provides references to relevant libraries for popular programming languages.
Read more
Previous slide of product details
  1. Print length
    144 pages
  2. Language
    English
  3. Accessibility
    Learn more
  4. Publication date
    May 27, 2020
  5. File size
    2.2 MB
  6. Page Flip
    Enabled
  7. Word Wise
    Not Enabled
  8. Enhanced typesetting
    Enabled
Next slide of product details

Top deals for you

Recommended based on your past reading and purchase history
Go to all deals page

Kindle Unlimited Shojo Manga

Previous page
  1. Image
    マダムたちの茶会 ー産後ハイになった親友の末路 番外編ー
    マダムたちの茶会 ー産後ハイになった親友の末路 番外編ー
    4.7 out of 5 stars43
    USD 1.61 3pt (1%)
  2. Image
    男の子はダメなの?
    男の子はダメなの?
    2.9 out of 5 stars8
    USD 1.61 3pt (1%)
  3. Image
    保育園の先生と不倫した夫の末路外伝 サナ編
    保育園の先生と不倫した夫の末路外伝 サナ編
    3.6 out of 5 stars27
    USD 1.61 3pt (1%)
  4. Image
    ふつつかな悪女ではございますが ~雛宮蝶鼠とりかえ伝~: 1【電子限定描き下ろしマンガ付き】 (ZERO-SUMコミックス)
    ふつつかな悪女ではございますが ~雛宮蝶鼠とりかえ伝~: 1【電子限定描き下ろしマンガ付き】 (ZERO-SUMコミックス)
    4.8 out of 5 stars4246
    USD 4.28 7pt (1%)
  5. Image
    満月をさがして 1 (りぼんマスコットコミックスDIGITAL)
    満月をさがして 1 (りぼんマスコットコミックスDIGITAL)
    4.6 out of 5 stars91
    USD 0.64 1pt (1%)
  6. Image
    神風怪盗ジャンヌ モノクロ版 1 (りぼんマスコットコミックスDIGITAL)
    神風怪盗ジャンヌ モノクロ版 1 (りぼんマスコットコミックスDIGITAL)
    4.7 out of 5 stars75
    USD 0.64 1pt (1%)
  7. Image
    多聞くん今どっち!? 1 (花とゆめコミックス)
    多聞くん今どっち!? 1 (花とゆめコミックス)
    4.8 out of 5 stars1078
    USD 3.81 30pt (5%)
  8. Image
    ジト目後輩彼女と結婚するまで1
    ジト目後輩彼女と結婚するまで1
    4.6 out of 5 stars244
    USD 2.57 4pt (1%)
  9. Image
    紳士同盟クロス 1 紳士同盟+ (りぼんマスコットコミックスDIGITAL)
    紳士同盟クロス 1 紳士同盟+ (りぼんマスコットコミックスDIGITAL)
    4.1 out of 5 stars87
    USD 0.64 1pt (1%)
  10. Image
    歴史に残る悪女になるぞ 悪役令嬢になるほど王子の溺愛は加速するようです! 1 (B's-LOG COMICS)
    歴史に残る悪女になるぞ 悪役令嬢になるほど王子の溺愛は加速するようです! 1 (B's-LOG COMICS)
    4.7 out of 5 stars3219
    USD 2.37 4pt (1%)
  11. Image
    美味しいご飯が食べたくなる漫画: 特別版 誕生日旅行編
    美味しいご飯が食べたくなる漫画: 特別版 誕生日旅行編
    4.8 out of 5 stars1444
    USD 1.93 3pt (1%)
  12. Image
    悲劇の元凶となる最強外道ラスボス女王は民の為に尽くします。 To The Savior: 1【イラスト特典付】 (ZERO-SUMコミックス)
    悲劇の元凶となる最強外道ラスボス女王は民の為に尽くします。 To The Savior: 1【イラスト特典付】 (ZERO-SUMコミックス)
    4.6 out of 5 stars856
    USD 4.71 7pt (1%)
  13. Image
    異世界の沙汰は社畜次第 1 (B's-LOG COMICS)
    異世界の沙汰は社畜次第 1 (B's-LOG COMICS)
    4.8 out of 5 stars2761
    USD 2.37 4pt (1%)
  14. Image
    ジト目新卒ちゃんが彼女になるまで
    ジト目新卒ちゃんが彼女になるまで
    4.6 out of 5 stars632
    USD 2.57 4pt (1%)
  15. Image
    美味しいご飯が食べたくなる漫画【にしみつ】: 特別版お泊まり編
    美味しいご飯が食べたくなる漫画【にしみつ】: 特別版お泊まり編
    4.8 out of 5 stars2687
    USD 1.61 3pt (1%)
  16. Image
    悲劇の元凶となる最強外道ラスボス女王は民の為に尽くします。: 1【電子限定描き下ろしカラーイラスト付き】 (ZERO-SUMコミックス)
    悲劇の元凶となる最強外道ラスボス女王は民の為に尽くします。: 1【電子限定描き下ろしカラーイラスト付き】 (ZERO-SUMコミックス)
    4.8 out of 5 stars3569
    USD 4.07 6pt (1%)
  17. Image
    暁のヨナ 1 (花とゆめコミックス)
    暁のヨナ 1 (花とゆめコミックス)
    4.4 out of 5 stars888
    USD 3.81 30pt (5%)
  18. Image
    こどものおもちゃ 1 (りぼんマスコットコミックスDIGITAL)
    こどものおもちゃ 1 (りぼんマスコットコミックスDIGITAL)
    4.6 out of 5 stars199
    USD 0.64 1pt (1%)
  19. Image
    キミと越えて恋になる 単行本版 1 (マーガレットコミックスDIGITAL)
    キミと越えて恋になる 単行本版 1 (マーガレットコミックスDIGITAL)
    4.8 out of 5 stars538
    USD 0.64 1pt (1%)
  20. Image
    天幕のジャードゥーガル 1 (ボニータ・コミックス)
    天幕のジャードゥーガル 1 (ボニータ・コミックス)
    4.8 out of 5 stars2143
    USD 2.12 3pt (1%)
  21. Image
    とても大きな彼女にぼくは人生で一番大きな恋をした
    とても大きな彼女にぼくは人生で一番大きな恋をした
    4.9 out of 5 stars2000
    USD 3.84 6pt (1%)
  22. Image
    すみ香る君へ 1
    すみ香る君へ 1
    4.8 out of 5 stars70
    USD 1.93 3pt (1%)
  23. Image
    悪役令嬢レベル99 ~私は裏ボスですが魔王ではありません~ その1 (B's-LOG COMICS)
    悪役令嬢レベル99 ~私は裏ボスですが魔王ではありません~ その1 (B's-LOG COMICS)
    4.7 out of 5 stars4220
    USD 2.37 4pt (1%)
  24. Image
    屋根裏部屋の公爵夫人 1 (B's-LOG COMICS)
    屋根裏部屋の公爵夫人 1 (B's-LOG COMICS)
    4.6 out of 5 stars1606
    USD 2.30 4pt (1%)
  25. Image
    魔法使いの婚約者 ~Eternally Yours~: 1【電子限定描き下ろしカラーイラスト付き】 (ZERO-SUMコミックス)
    魔法使いの婚約者 ~Eternally Yours~: 1【電子限定描き下ろしカラーイラスト付き】 (ZERO-SUMコミックス)
    4.3 out of 5 stars243
    USD 4.28 7pt (1%)
  26. Image
    猫と私の金曜日 1 (マーガレットコミックスDIGITAL)
    猫と私の金曜日 1 (マーガレットコミックスDIGITAL)
    3.3 out of 5 stars148
    USD 0.64 1pt (1%)
  27. Image
    虫かぶり姫: 1【電子限定描き下ろしマンガ付】 (ZERO-SUMコミックス)
    虫かぶり姫: 1【電子限定描き下ろしマンガ付】 (ZERO-SUMコミックス)
    4.7 out of 5 stars2276
    USD 4.07 6pt (1%)
  28. Image
    女王の狗: 1【電子限定描き下ろし付き】 (ZERO-SUMコミックス)
    女王の狗: 1【電子限定描き下ろし付き】 (ZERO-SUMコミックス)
    4.8 out of 5 stars51
    USD 4.77 7pt (1%)
  29. Image
    悪役のご令息のどうにかしたい日常: 1【電子限定描き下ろしマンガ付き】 (ZERO-SUMコミックス)
    悪役のご令息のどうにかしたい日常: 1【電子限定描き下ろしマンガ付き】 (ZERO-SUMコミックス)
    4.7 out of 5 stars1082
    USD 2.28 4pt (1%)
  30. Image
    捨てられ男爵令嬢は黒騎士様のお気に入り: 1【電子限定描き下ろしカラーイラスト付き】 (ZERO-SUMコミックス)
    捨てられ男爵令嬢は黒騎士様のお気に入り: 1【電子限定描き下ろしカラーイラスト付き】 (ZERO-SUMコミックス)
    4.6 out of 5 stars991
    USD 4.28 7pt (1%)
Next page
See more

Product Details

  • ASIN ‏ : ‎ B089B3CG6W
  • Accessibility ‏ : ‎ Learn more
  • Publication date ‏ : ‎ May 27, 2020
  • Edition ‏ : ‎ 1st
  • Language ‏ : ‎ English
  • File size ‏ : ‎ 2.2 MB
  • Text-to-Speech ‏ : ‎ Enabled
  • Screen Reader ‏ : ‎ Supported
  • Enhanced typesetting ‏ : ‎ Enabled
  • X-Ray ‏ : ‎ Not Enabled
  • Word Wise ‏ : ‎ Not Enabled
  • Print length ‏ : ‎ 144 pages
  • Page Flip ‏ : ‎ Enabled
  • Customer Reviews:
    4.4 out of 5 stars (15)

About the author

Follow authors to get new release updates, plus improved recommendations.
Dmitry Chestnykh

Dmitry Chestnykh

Brief content visible, double tap to read full content.
Full content visible, double tap to read brief content.

Dmitry Chestnykh has been writing software for over twenty years, and now consults on applied cryptography and software security. He was a member of the Password Hashing Competition experts panel. He discovered and helped fix numerous vulnerabilities in commercial and open source apps, and wrote popular open source cryptography packages in JavaScript, Python, and Go. He created "I Write Like", a popular web site for writing analysis.

Dmitry's website is https://dchest.com

Customer reviews

4.4 out of 5 stars
15 global ratings

Top reviews from other countries

  • noavarice
    5.0 out of 5 stars Simple & clean about the most important aspects of password authentication
    Reviewed in the United States on November 21, 2021
    Format: PaperbackVerified Purchase
    It's a quite a short book, covering important things like password hashing, using emails to log in, account activation and so on. It can be used as encyclopedia to recollect something about password authentication
    Report
  • Just Some Guy
    5.0 out of 5 stars A Great Crash Course in Building Secure Login Flows
    Reviewed in the United Kingdom on May 24, 2022
    Format: PaperbackVerified Purchase
    This is a great little book - honestly, it's much better than I had judged based on the cover (I broke the cardinal rule!).

    The book is a very quick read, at just 137 small-ish pages. The format is basically that of an "authentication handbook." It walks the reader through all the essential aspects of implementing a user registration and login/auth flow for any modern web/mobile app, including user registration, email verification, 2FA, and more. It's packed cover-to-cover with straight forward, practical advice, best practices, gotchas, security risks, common mistakes to avoid, etc. based on the author's years or real-world development experience.

    While the book is quite straightforward and easy to read, it does assumes a level of experience and familiarity with both full-stack development and general authentication mechanics and concerns (i.e. hashing, encryption, secure password storage, etc.). If you have at least that minimal development background, then the content is actually an easy read. At the same time, it's quite technical in nature, offering tons of pragmatic advice and minute details about things like various levels/types of encoding, hashing, entropy, and so on.

    The book doesn't include any code examples of actual _implementations_ - but the author discloses that up front. What he does include are recommendations and links to various encryption libraries and other resources (for the most popular languages – JS, Python, Java, Go, etc.).

    My only complaint about this book is that it's mostly written in prose, meaning it's going to be hard to go back and quickly flip to a given page or detail as a reference later on (most of the great technical details are buried in conversational paragraphs of text, rather than code examples, tables, or callouts). Even so, worst case I'll just have to spend 4 hours to read the entire book again, haha... Not a problem!

    If you're building a user authentication system, this is a great book to add to your library!
    Report
  • Anri
    5.0 out of 5 stars Great book from a great developer
    Reviewed in the United States on May 29, 2020
    Format: Kindle (Digital)Verified Purchase
    Well structured and educating, suitable for junior and senior developers. Filled gaps in my security practices knowledge for sure.
    Report
See more reviews

Report an issue


Does this item contain inappropriate content?
Report
Do you believe that this item violates a copyright?
Report
Does this item contain quality or formatting issues?
Report