User Authentication in Flask

User authentication is the process of verifying the identity of a user who is requesting access to a resource. For example, when a user tries to access an online account, the application has to compare the details this user supplies against what it has stored in its database to verify that the user really is entitled to that account.

Authentication helps to ensure that only authorized users have access to a system by preventing anonymous access, whose consequences can be damaging. With the exception of "guests" and automatically logged-in accounts, most systems require some basic form of authentication.

There are three steps to authenticating a user:

  1. Identification - The user has to provide some information about themselves to be able to access the system.

  2. Authentication - The user is presented with a form that requires them to prove they are who they say they are.

  3. Authorization - The user is granted access to the system if they are authenticated.

The most basic form of authentication is password-based authentication. Here, the user provides a username and password to the system through a form, and the system verifies that the username and password are correct. However, password-based authentication on its own is not secure, for many reasons. Some of these reasons include:

  • Weak passwords - A password is considered weak if it is easy to guess.

  • Weak encryption - The scheme used to convert a user's password into a hash is weak, so stored hashes are easy to crack if the database leaks.

It is highly recommended that users' passwords not be stored as plain text in the database; rather, they should be hashed. This adds an extra layer of protection to users' accounts in the event the database is compromised. The general rule of thumb in helping users protect their accounts is to encourage several best practices, including but not limited to the following:

  • Use a strong password - A strong password is at least 8 characters long and contains at least one number, one letter, and one special character.

  • Do not use dictionary words - Dictionary words are easy to guess and are not secure.

  • Do not reuse passwords - Reusing a password is a security risk. When one password is cracked, it is possible for someone to use the same password on other accounts.

  • Change passwords regularly - A regular change of passwords helps to secure your account.

Even though password hashing is a good idea, it is not always effective on its own. Think about how much of our lives happens online and on mobile devices. Our digital presence has become a great source of security concern, as most cyber criminals target online accounts.

In the event users' accounts are exposed, the damage can be unimaginably colossal. It will not just be the loss of data; users' trust would be on the line too. Luckily, there are a handful of tools to help secure online accounts.

Two-factor Authentication (2FA)

Two-factor authentication is a method of authenticating a user by combining a password with a second factor, such as a security token. The two factors together verify the user more strongly before access to an account is allowed.

In a two-factor authentication system, the user first provides their normal password, but before they can gain access to the account they are required to provide a second piece of data that is unique to them. This token is delivered to the user as a numeric code, a voice call, or a notification that requires them to perform some action, such as pressing a button.

So, even if a user's password is stolen, the chances of an attacker also having access to the token are extremely low. Some two-factor authentication systems put an expiry time on the token, which adds even more security to the process.

2FA in Flask

In this article, I will show you a few ways you can help secure your users' accounts by adding two-factor authentication to your system. You can click on any of the links below to learn how the implementation works in Flask.