Reading Class11: Authentication - mwilkin-401-advanced-javascript/bend-javascript-401d2 GitHub Wiki
What is Authentication? It is the process of verifying that an entity is true and valid. The entity may be a user, a website, etc. Authentication is the first piece of securing information transfer across the internet.
Another component of digital security is Session Management, which is the process of maintaining a state (e.g. authorized, not authorized, expired, not expired). Sessions are maintained on the server, and each session is identified by a unique session identifier that can be passed back and forth between the server and the client.
There are many guidelines to consider when implementing authentication, such as implementing proper password strength controls (password length, blocking common/simple passwords, and password complexity), implementing a secure password recovery mechanism, storing passwords in a secure fashion, two-factor authentication, transmitting passwords only over transport layer protection, etc. The list goes on.
Another tool for securely transmitting data between two parties is the JSON Web Token (JWT). It sends the information as a JSON object, and it can be verified and trusted because it is digitally signed, either using a secret or a public/private key pair.
JWTs can provide secrecy between parties when they are encrypted. Signed tokens verify integrity: the signature certifies that only a party in possession of the private key (or the shared secret) could have signed the token.
JWTs can be used for authorization or information exchange. A JWT has three parts: a header, a payload and a signature.
Regardless, it is important to understand that digital security is the linchpin of maintaining confidence in doing business on the web. Therefore, it is vital that stringent security protocols and practices be implemented wherever possible to ensure a predictable and secure environment.