Some software requires you to design with your users’ security in mind. But how do you actually achieve that?
What is security?
- How can you ensure that a user is who they claim to be, and not some other person acting on their behalf?
- How can you ensure that their data, private information and more are properly kept hidden from everyone but them?
- How can you ensure only the correct people can do certain actions?
- How can you ensure that your servers, resources, and databases are safe from attackers?
These are all questions to consider when designing software that requires security. So how do modern systems solve these issues?
Authentication
Authentication refers to verifying a user’s identity. To authenticate someone means to check that they are who they claim to be.
Conceptually, this seems really simple. A user can verify their identity by coming up with a password that only they know. However, under the hood, designing a truly safe and secure system is a lot more difficult. Think about it:
- When a user logs in, how does the system verify the password assigned to the username?
- How does the user safely communicate with the server over the internet?
- How can you ensure that when a user communicates with the server, it is the same user with the same intentions?
Once you think more deeply about how users must interact with your software, it becomes a much more daunting task.