Securely authenticate user accounts
- Author: Janika Ruoranen
- Date / Version: 08/04/2024
User roles
- Dev
- Sec
- Tester
Prerequisites / Conditions
- User account registration is required.
- Existing user credentials should be validated securely.
Use Case Diagram
Register
- The user provides necessary registration information, including username, email, and password.
- The system validates the provided information, ensuring the username and email are unique and meet specified criteria.
- Secure authentication mechanisms such as bcrypt are employed to securely hash and store the user's password.
- Upon successful registration, the system securely stores the user credentials and provides a confirmation message to the user.
Log in
- The user provides their username and password to log in.
- The system verifies the provided credentials against the securely hashed passwords stored in the database.
- Upon successful verification, the user gains access to certain features within the system that require authentication.
Exceptions
- E1: Incorrect credentials provided on log in.
- E2: Registration information incomplete or invalid.
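A worked register/login flow covering the steps and exceptions above, added here as an example that is not part of this wiki document: it uses Python's standard-library scrypt as a stand-in for the bcrypt the document recommends (bcrypt is not in the standard library), an in-memory user store constructed for the example, and assumed validation rules (username 3-32 word characters, minimum 12-character password).

```python
import hashlib
import hmac
import os
import re

# In-memory user store constructed for this example: username -> record
USERS: dict = {}
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")   # assumed criteria
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # assumed criteria
# scrypt cost parameters (stand-in for bcrypt); 128*r*n = 16 MiB of memory
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, derived key); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    key = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return salt, key

def register(username: str, email: str, password: str) -> str:
    """Validate input and uniqueness (E2 on failure); store only a salted hash."""
    if not (username and email and password):
        raise ValueError("E2: registration information incomplete")
    if not USERNAME_RE.fullmatch(username) or not EMAIL_RE.fullmatch(email):
        raise ValueError("E2: username or email does not meet criteria")
    if len(password) < 12:
        raise ValueError("E2: password must be at least 12 characters")
    email = email.lower()
    if username in USERS or any(u["email"] == email for u in USERS.values()):
        raise ValueError("E2: username or email already registered")
    salt, key = hash_password(password)
    USERS[username] = {"email": email, "salt": salt, "hash": key}
    return "registration successful"  # the plaintext password is never stored

def login(username: str, password: str) -> bool:
    """Verify credentials against the stored hash; False covers E1.

    The same hashing work and the same answer are produced for an unknown
    user and for a wrong password, so a response time or message does not
    reveal whether the account exists.
    """
    rec = USERS.get(username)
    salt = rec["salt"] if rec else b"\x00" * 16  # dummy salt keeps timing uniform
    _, key = hash_password(password, salt)
    return rec is not None and hmac.compare_digest(key, rec["hash"])
```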
Result
- Successful registration allows users to log in securely with validated credentials.
Use frequency
- Users register and log in whenever accessing the system.
Additional information
- Secure authentication mechanisms such as bcrypt should be used for password hashing.
- Regularly audit and update authentication processes to address security vulnerabilities.
- Input validation on both the frontend and the backend.
Sources
This wiki document is based on The public administration recommendations.
Thanks to the original authors.