2.1. Understanding Authentication

In the world of Web programming, authentication means any method you can use to verify that your users are who they say they are. You can't really ask every person who visits your Web site to flash a driver's license at the browser window (well, you could, but it wouldn't do much good), so developers have come up with other ways for users to prove their identities:

  • Passwords

  • Image recognition

  • Digital signatures

Each method has its advantages, and you may find that the best solution for your application is a combination approach.

2.1.1. Passwords

Passwords are one of the oldest forms of authentication, and if you use e-mail, access the Internet, or take cash out of an ATM, you use a password. Essentially, a password is simply a string of characters that only you know. If you're the only person who knows that string of characters, anyone who enters that string when prompted must be you. Right?

Not always.

One of the big problems with using password authentication is that passwords can be lost, stolen, or guessed.
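As an added example (not code from the book), here is the password check the paragraph above describes, written in PHP, the book's language. It goes one step beyond the text: instead of storing the string itself, it stores a one-way hash made with PHP's built-in password_hash() and checks logins with password_verify(), so a stolen copy of the user table does not hand the passwords to the thief. The $users array is a constructed in-memory stand-in for a MySQL user table, and the usernames and passwords are made up.

```php
<?php
// Added example, not from the book. The $users array is a constructed stand-in
// for a MySQL user table; the usernames and passwords below are made up.

// Store a new user. Only a one-way hash of the password is kept, so the site
// itself never holds the string that only the user is supposed to know.
function register_user(array &$users, string $username, string $password): void
{
    // PASSWORD_DEFAULT picks a strong algorithm (bcrypt at the time of writing);
    // the returned string already contains a random salt and the cost setting.
    $users[$username] = password_hash($password, PASSWORD_DEFAULT);
}

// Check a login attempt. Returns true only when the user exists and the
// submitted password hashes to the stored value.
function authenticate(array $users, string $username, string $password): bool
{
    // Unknown user: still run password_verify() against a dummy hash so the
    // response time does not reveal which usernames are real.
    static $dummy = null;
    $dummy ??= password_hash('placeholder-not-a-real-password', PASSWORD_DEFAULT);

    $hash = $users[$username] ?? $dummy;
    $matches = password_verify($password, $hash);

    return isset($users[$username]) && $matches;
}

// Exercise the two functions with the constructed data.
function demo(): array
{
    $users = [];
    register_user($users, 'alice', 'correct horse battery staple');

    return [
        'right password' => authenticate($users, 'alice', 'correct horse battery staple'),
        'wrong password' => authenticate($users, 'alice', 'guess1234'),
        'unknown user'   => authenticate($users, 'nobody', 'anything'),
    ];
}

foreach (demo() as $case => $result) {
    printf("%-15s %s\n", $case, $result ? 'accepted' : 'rejected');
}
```

One consequence worth keeping in mind when you read the lost-password options that follow: because the site stores only a hash, it has no password to send back to a forgetful user; it can only issue a new one or let the user set one. That is the trade-off hashing buys you: the stored table is useless to whoever steals it, but it is equally useless for recovering the original string.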

2.1.1.1. Lost lost lost

Lost passwords present a bit of a hassle for developers, but they aren't really a security issue. When a user loses or forgets his or her password, he or she just comes to you. At that point, users don't care about security; they just want you to fix the problem so they can get back to ordering from your online store. You can use one of two common solutions to the lost password problem.

  • Send the user the password ...
