02. Common Authentication Methods

Username and Passwords

This is the most common method of identifying users in the age of Software as a Service (SaaS).

HTTP Status Codes

Two status codes which are important throughout this course are:

  • 401 Unauthorized

    The client must pass authentication before access to this resource is granted. The server cannot validate the identity of the requesting party.

  • 403 Forbidden

    The client does not have permission to access the resource. Unlike 401, the server knows who is making the request, but that requesting party has no authorization to access the resource.

For a complete list of status codes, check out the MDN Web Docs.
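
The 401/403 distinction above, shown as an added example (not part of the original course material): a minimal HTTP Basic check in Python that returns 401 when identity cannot be established and 403 when the identified user lacks a permission. The user store, passwords, realm and permission names are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_password(password: str, salt: bytes) -> bytes:
    # Store a salted, slow hash of the password, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample user store (names, salts, passwords and permissions are illustrative).
USERS = {
    "alice": {"salt": b"constructed-salt-a", "perms": {"read:reports", "write:reports"}},
    "bob": {"salt": b"constructed-salt-b", "perms": {"read:reports"}},
}
USERS["alice"]["hash"] = hash_password("correct horse battery", USERS["alice"]["salt"])
USERS["bob"]["hash"] = hash_password("staple-tr0ub4dor", USERS["bob"]["salt"])

# A 401 response tells the client how to authenticate.
CHALLENGE = {"WWW-Authenticate": 'Basic realm="reports"'}

def authenticate(headers: dict):
    """Return the username for valid Basic credentials, else None."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except ValueError:  # covers malformed base64 and undecodable bytes
        return None
    username, sep, password = decoded.partition(":")
    user = USERS.get(username)
    if not sep or user is None:
        return None
    # Compare the derived hash in constant time.
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["hash"]):
        return None
    return username

def authorize(headers: dict, required_perm: str):
    """Return (status, extra_headers) for a request that needs required_perm."""
    username = authenticate(headers)
    if username is None:
        return 401, CHALLENGE  # identity not established
    if required_perm not in USERS[username]["perms"]:
        return 403, {}         # identity known, permission missing
    return 200, {}
```

Missing, malformed and wrong credentials all produce the same 401, so the response does not reveal which part of the check failed.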

Brief Intro to Problems with Passwords

As we discussed in the video, some issues with passwords are outside of our control as developers. Many issues come from user behavior that we cannot directly influence, such as:

  • Users forget their passwords
  • Users use simple passwords
  • Users use common passwords
  • Users repeat passwords
  • Users share passwords

In contrast, some issues are within our control as developers:

  • Passwords can be compromised
  • Developers can incorrectly check
  • Developers can cut corners