
Password Security And Beyond

The IT industry is currently going through a sort of civil war. At the time of writing, several large tech companies are engaged in a fierce competition to establish a new, more convenient and more secure method of handling online authentication and authorization. For the moment, usernames and passwords are still widespread. However, it seems almost certain that - in the future - users will not type in passwords to log themselves into web apps. These are almost certainly the last days of the username and password.

What replaces usernames and passwords in the future is anyone's guess. Potential successors include:

This is a random number generating device (this particular device uses a system called Pinsentry). It's a small device, about the size of a calculator, that can be used to authenticate users by means of random string generation. To use this device, users insert their bank card along with their four-digit PIN for the bank card. The device then produces a random string of numbers that can be entered into a website to enable secure authorization.

Trongate Is Ready

At the moment, "big tech authentication" appears to be winning. The idea here would be to add a few lines of code to an app and effectively let a company like Google or Facebook handle the business of user authentication. There are already vast numbers of websites that invite you to log in using Google and/or Facebook accounts. This method probably has the highest convenience factor for developers. However, security is a moving target and things could change in the future.

Whatever happens, you can be assured that the Trongate framework will be ready. The entire framework handles authorization and authentication in a manner that could rightfully be called 'open ended'. In other words, Trongate will not tie you down to a particular methodology for handling matters to do with logging people in.

The Trongate framework does, however, have a variety of tools to assist with authorization and authentication. Chief among these is Trongate's token system, which can be used either in isolation or in combination with other authentication systems.

How Trongate handles token-based authentication and authorization is the subject of this chapter.