9 User password management

This chapter covers

  • Changing, validating, and resetting user passwords
  • Resisting breaches with salted hashing
  • Resisting brute-force attacks with key derivation functions
  • Migrating hashed passwords

In previous chapters, you learned about hashing and authentication; in this chapter, you’ll learn about the intersection of these topics. Bob uses two new workflows in this chapter: a password-change workflow and a password-reset workflow. Once again, data authentication makes an appearance. You combine salted hashing and a key derivation function as a defense layer against breaches and brute-force attacks. Along the way, I’ll show you how to choose and enforce a password policy. Finally, I’ll show you how to migrate from ...
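The salted hashing, key derivation and hash-migration ideas listed above, as an added example that is not code from the book: a stored-hash format, a verifier that compares in constant time, and an upgrade-on-login step that moves old hashes to the current work factor. The `pbkdf2_sha256$…` encoding, the iteration count and the function names are assumptions of this example, built on Python's standard-library PBKDF2.

```python
"""Salted PBKDF2 password storage with upgrade-on-login (added example)."""
import hashlib
import hmac
import secrets

# Constructed parameters for this example; a deployment tunes the iteration
# count to its own hardware and raises it over time.
ALGORITHM = "pbkdf2_sha256"
CURRENT_ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.

    A fresh random salt per password means two users with the same password
    get different stored hashes, so a leaked table cannot be attacked with one
    precomputed table. The iteration count makes every guess expensive.
    """
    salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, encoded: str) -> bool:
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = encoded.split("$")
        salt, expected, rounds = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex), int(iterations)
    except ValueError:  # malformed stored value: treat as a failed login
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def needs_rehash(encoded: str) -> bool:
    """True when the stored hash is below the current algorithm or work factor."""
    algorithm, iterations, _, _ = encoded.split("$")
    return algorithm != ALGORITHM or int(iterations) < CURRENT_ITERATIONS


def login(password: str, encoded: str) -> tuple[bool, str]:
    """Verify a login and, on success, migrate the stored hash if it is stale.

    Returns (ok, value_to_store). Migration can only happen here, because the
    plaintext password is available to the server only during login.
    """
    if not verify_password(password, encoded):
        return False, encoded
    if needs_rehash(encoded):
        return True, hash_password(password)
    return True, encoded
```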
