My Hash is My Passport: Understanding Web and Mobile Authentication
Andrew Tanenbaum once said, “The great thing about standards is there are so many to choose from.” That’s especially true in the realm of web and mobile application authentication. From Base64-encoded HTTP Basic credentials to OAuth tokens, there are nearly as many ways to send your password to a server as there are ways to store that password on it.
But how do these work? Is any one system better than another, and if so, why?
This paper explains, with simple examples, how some of the most frequently seen authentication systems work. It identifies the characteristics of an “ideal” authentication system, compares the common methods against that ideal, and demonstrates how to verify that they have been implemented correctly.
Author: David Schuetz