Best Practices for User Account Control

As a web developer, a common task undertaken for nearly any application, is a implementing user account controls. For all of those apps though there are different some fairly universal practices for keeping the accounts secure.

https://cloudplatform.googleblog.com/2018/01/12-best-practices-for-user-account.html?m=1

Hash those passwords
Allow for third-party identity providers if possible
Separate the concept of user identity and user account
Allow multiple identities to link to a single user account
Don’t block long or complex passwords
Don’t impose unreasonable rules for usernames
Allow users to change their username
Let your users delete their accounts
Make a conscious decision on session length
Use 2-Step Verification
Make user IDs case insensitive
Build a secure auth system

Hash those passwords

Allow for third-party identity providers if possible

Separate the concept of user identity and user account

Allow multiple identities to link to a single user account

Don’t block long or complex passwords

Don’t impose unreasonable rules for usernames

Allow users to change their username

Let your users delete their accounts

Make a conscious decision on session length

Use 2-Step Verification

Make user IDs case insensitive

Build a secure auth system

Share this:

Related

Leave a comment Cancel reply