The hash should be salted with a value unique to that specific login credential. Your service should instead store a cryptographically strong hash of the password that cannot be reversed-created with Argon2id, or Scrypt. You must treat this data as sacred and handle it appropriately.ĭo not store plaintext passwords under any circumstances. My most important rule for account management is to safely store sensitive user information, including their password. Whether you're responsible for a website hosted in Google Kubernetes Engine, an API on Apigee, an app using Firebase, or other service with authenticated users, this post lays out the best practices to follow to ensure you have a safe, scalable, usable account authentication system. The resulting experience often falls short of what some of your users would expect for data security and user experience.įortunately, Google Cloud brings several tools to help you make good decisions around the creation, secure handling and authentication of user accounts (in this context, anyone who identifies themselves to your system-customers or internal users).
Often, account management is a dark corner that isn't a top priority for developers or product managers. Editor's note: This post includes updated best practices including the latest from Google's Best Practices for Password Management whitepapers for both users and system designers.Īccount management, authentication and password management can be tricky.
0 kommentar(er)
