Authentication

Authentication Strategies

HTTP Authentication Strategies

• Sinatara and HTTP Auth (Basic/Digest)
• HTTP Basic Authentication
  • Sinatra HTTP Basic Authentication
  • Why HTTP Basic Auth is Bad
  • Why the Hell Does your API Still Use Basic Auth?
• HTTP Digest Authentication
  • Digest access authentication

Password based authentication

• Password Hashing
  • password hashing algorithms
    • Enough With the Salts: Updates on Secure Password Schemes
      • key-stretching hash algorithms
      • scrypt vs. bcrypt vs. PBKDF2
  • Scrypt
    • Scrypt for Ruby
    • RbNaCl: Password Hashing (Scrypt)
  • Password storage strategies
    • [3 Wrong Ways to Store a Password][http://adambard.com/blog/3-wrong-ways-to-store-a-password/]
    • How to store salt?
• Password Strategies
  • XKCD: Password Strength

Authentication Gems

Warden

• Sinatra Warden Example
• Sinatra Authentication with Warden
  • Sinatra Site Template (SST) => Sinatra Warden Template
• Wiring up Warden & Sinatra

Shield

• Shield repo
• Simple Two-Factor Auth with Shield

Two-Factor Authentication

Gems for 2FA

• Simple Two-Factor Auth with Shield

2FA Services

• Authy
  • How Authy Built A Fault-Tolerant Two-Factor Authentication Service