The authentication chain
Connecting to a service, a system, or a website is a process that’s a bit more complex than one might think.
This series of articles simply explains the processes and best practices for logging in.
Note: This post was translated from French with the help of AI. The original post was written with the knowledge of a younger me.
Step 1, the basics
We start at the beginning. The very first step is the password, the most common authentication method.
It covers what makes a good password and how best to manage the multitude of passwords.
For developers, this article explains how to manage password authentication on your system. Note: the recommendations in this article are valid for the first quarter of 2019. If you read this article in 2038 (well, hello to the transdimensionals already, or “−··· −−− −· ·−−− −−− ··− ·−· ·−−·− ·−·· ·−−−−· ·· −· − · −· − ·· −−− −· −·· · ·−·· ·− −−· ·−· −−− ··· ··· · ···− −−− ·· −··−” in your language), the recommendations will probably (surely) be outdated.
Step 2, strengthening
Once the password is set (so no more “1234567890”), we move to the second step (which is aptly named).
Two-factor authentication is based on the principle “Something you know, something you have.”
Step 3, distributing authentication
Once authenticated on one system, why do it again on others? It is error-prone and not very pleasant.
There is a solution that allows you to securely distribute your authentication. With this solution, you authenticate to one service, and the other services, systems and websites you use can recognize your identity and authenticate you on demand without repeating the first two steps.
Step 4, access control
Once authenticated, you still do not have access to all the resources a service provides. There are rules that determine what you can access and what is denied. Users of a service are organized into groups or roles: what social networks call a tribe, clan, horde, community, committee, section, commission (·−−· −−− ·−·· −·−− ·−−· ···· −−− −· ·· · ··· for the transdimensionals)…
There you go. Of course, this is only a foundation. There are many variants and special cases.