In today’s digital age, securing passwords is essential for safeguarding your personal data and online accounts. One effective method for password protection is hashing, a one-way data transformation process that converts data into an unreadable format.
When you create or change a password on our platform, we apply a powerful hashing algorithm. The resulting digital fingerprint, or hash, cannot be reversed to reveal the original password. It’s securely stored and protected from unauthorized access, even if the database is compromised.
Beyond basic hashing, we implement pepper and salt as additional security measures. Pepper is a random value added to the password before hashing, while salt is a random value added during the hashing process. With these two elements and a unique hashing algorithm, attackers would need the original password together with the specific pepper and salt values to generate a matching hash, making it harder for them to gain access.
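The following is an added example, not this platform's own code, showing how a pepper applied before hashing and a salt applied during hashing fit together. It assumes PBKDF2-HMAC-SHA256 as the slow hash and HMAC-SHA256 for the pepper step, since the page names no algorithm; the function names, iteration count and sample values are illustrative.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def _apply_pepper(password: str, pepper: bytes) -> bytes:
    # Pepper step, before the slow hash: key an HMAC with a secret that is
    # kept outside the password database (assumption: e.g. a secrets manager).
    return hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()


def hash_password(password: str, pepper: bytes) -> dict:
    # Salt step, during hashing: a fresh random value per password, stored
    # next to the hash so the same password never yields the same record.
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", _apply_pepper(password, pepper), salt, ITERATIONS
    )
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify_password(password: str, record: dict, pepper: bytes) -> bool:
    # Recompute with the stored salt and work factor, then compare in
    # constant time so the check does not leak how many bytes matched.
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        _apply_pepper(password, pepper),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


if __name__ == "__main__":
    pepper = secrets.token_bytes(32)      # constructed sample secret
    record = hash_password("correct horse battery", pepper)
    print("stored record:", record)       # what a database row would hold
    print("right password:", verify_password("correct horse battery", record, pepper))
    print("wrong password:", verify_password("guess", record, pepper))
    # A copy of the record without the pepper cannot be checked against guesses.
    print("wrong pepper:  ", verify_password("correct horse battery", record, b"\x00" * 32))
```

Only the salt, iteration count and hash go into the database row; the pepper is stored separately, so a leaked row alone is not enough to test password guesses.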
An Identity Provider (IDP) is an external entity responsible for managing user authentication and authorization processes. It handles registration, login, and session management. When users log into an application using their IDP credentials, the application relies on the IDP to validate those credentials and return information about the user’s identity.
A Service Provider (SP) is a platform or application that offers access to specific resources or services to its users. It trusts the Identity Provider to authenticate and provide valid user identities, allowing for secure access to these resources or services. The SP receives the necessary authentication information from the Identity Provider in the form of an assertion.
A Resource Provider/Server is the entity responsible for managing or hosting specific data, applications, or services that users want to access. It ensures the secure transmission and usage of user identities and other sensitive information by employing encryption and proper authentication mechanisms like Single Sign-On.
Security Assertion Markup Language (SAML) is a widely used standard for exchanging authentication and authorization data between Identity Providers and Service Providers. A SAML request contains necessary information for the Identity Provider to initiate an authentication flow, while a SAML response contains user identity and attribute information that is then used by the Service Provider for access control and session management.
Open Authorization (OAuth) is another widely adopted protocol used for authorizing third-party applications to access specific resources or services on behalf of an end-user. OAuth focuses more on granting limited access to resources rather than handling the full authentication flow like SAML does.
There are several types of OAuth flows based on the specific use case and interaction between components. The most common ones include the Authorization Code Grant, Implicit Grant, Resource Owner Password Credentials Grant, Client Credentials Grant, and Device Authorization flow. In general, the OAuth process involves the following steps: