
Securely authenticate user accounts

  • Author: Janika Ruoranen
  • Date / Version: 08/04/2024

User roles

  1. Dev
  2. Sec
  3. Tester

Prerequisites / Conditions

  1. User account registration is required.
  2. Existing user credentials should be validated securely.

Use Case Diagram

[UML use case diagram]

Register

  1. The user provides necessary registration information, including username, email, and password.
  2. The system validates the provided information, ensuring the username and email are unique and meet specified criteria.
  3. Secure authentication mechanisms such as bcrypt are employed to securely hash and store the user's password.
  4. Upon successful registration, the system securely stores the user credentials and provides a confirmation message to the user.

Log in

  1. The user provides their username and password to log in.
  2. The system verifies the provided credentials against the securely hashed passwords stored in the database.
  3. Upon successful verification, the user gains access to certain features within the system that require authentication.
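The Register and Log in flows above, as an added example that is not part of the original wiki page. It is a hypothetical in-memory `UserStore`; because the page's recommended bcrypt is a third-party package, the example uses the standard library's PBKDF2-HMAC-SHA256 with a per-user random salt and a constant-time comparison in its place, and the storage format, validation rules and error messages are assumptions.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ITERATIONS = 600_000  # work factor for PBKDF2-HMAC-SHA256, the bcrypt stand-in used here
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,32}")
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

class RegistrationError(ValueError):
    """Exception E2: registration information incomplete or invalid."""

def hash_password(password: str) -> str:
    salt = os.urandom(16)  # fresh random salt per user defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"  # self-describing record

def verify_password(password: str, stored: str) -> bool:
    _algo, iters, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))  # constant-time comparison

_DUMMY_HASH = hash_password(os.urandom(8).hex())  # so a login for an unknown user costs the same as a real one

class UserStore:  # hypothetical in-memory stand-in for the database table of credentials
    def __init__(self):
        self._users = {}  # lowercase username -> (email, password_hash)

    def register(self, username: str, email: str, password: str) -> str:
        # Steps 1-2: each field meets the criteria and username/email are unique (E2 otherwise).
        if not USERNAME_RE.fullmatch(username):
            raise RegistrationError("username must be 3-32 letters, digits or underscores")
        if not EMAIL_RE.fullmatch(email):
            raise RegistrationError("email address is not valid")
        if len(password) < 12:
            raise RegistrationError("password must be at least 12 characters")
        key = username.lower()
        if key in self._users or any(e.lower() == email.lower() for e, _ in self._users.values()):
            raise RegistrationError("username or email is already registered")
        # Steps 3-4: store only the salted hash, never the password itself.
        self._users[key] = (email, hash_password(password))
        return "Registration successful"

    def login(self, username: str, password: str) -> bool:
        # Exception E1: one generic failure for unknown username and wrong password alike.
        record = self._users.get(username.lower())
        stored = record[1] if record else _DUMMY_HASH
        return verify_password(password, stored) and record is not None
```

In a real deployment, swap `hash_password`/`verify_password` for the `bcrypt` package's `hashpw` and `checkpw` (the mechanism this page recommends) and keep the rest of the flow unchanged.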

Exceptions

  • E1: Incorrect credentials provided on login.

  • E2: Registration information incomplete or invalid.

Result

  • Successful registration allows users to log in securely with validated credentials.

Use frequency

  • Users register and log in whenever accessing the system.

Additional information

  • Secure authentication mechanisms such as bcrypt should be used for password hashing.
  • Regularly audit and update authentication processes to address security vulnerabilities.
  • Validate input on both the front end and the back end.

Sources

This wiki document is based on The public administration recommendations.

Thanks to the original authors.