User Management: It’s Not as Easy as You Think


Really! Signing up is difficult?

  • Allow users to register and log in by email
  • User roles and permissions
  • Integration with Gmail and Facebook
  • Integration with the user systems an enterprise already has
  • Reset the password when a user forgets it
  • Block the account when a user enters the wrong password too many times
  • Secure the API used by the mobile app
  • Two-factor authentication for important accounts
  • Management: add, edit and delete users

What to do when a user forgets their password?

Method 1: Generate a new random password and send it to the user

Method 2: Send the user a link to reset their password

Prevent password guessing

  • When a login fails, do not say whether it was the username or the password that was wrong. Just say that the username or password does not match; that makes the attacker's job harder.
  • Attackers use the password-reset function to find out whether an email address is registered on your site. Whether the account exists or not, show only the same message: the reset email has been sent.
  • Limit the number of failed login attempts. For example, after 3 wrong passwords, lock the account for 10 minutes. Attackers can abuse this to lock legitimate users out of their accounts, so be careful; a CAPTCHA can be added as well.
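An added example, not code from the original post, that puts the three rules above together in Python: one generic message for every failed login, a lockout after 3 failures for 10 minutes, and a reset endpoint whose reply is the same whether or not the email exists. The in-memory store, PBKDF2 hashing, the injectable clock and the `AuthService` name are my assumptions.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 3          # failed logins allowed before the lockout kicks in
LOCKOUT_SECONDS = 600     # 10 minutes, as in the text
LOGIN_ERROR = "Username or password does not match"   # same text for every failure
RESET_MESSAGE = "If that email is registered, a reset link has been sent"
DUMMY_SALT = secrets.token_bytes(16)  # unknown users cost the same hash work as known ones


def hash_password(password, salt):
    """PBKDF2-SHA256; a slow hash so offline guessing is expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AuthService:
    def __init__(self, now=time.time):
        self.now = now            # injectable clock so the lockout can be tested
        self.users = {}           # username -> {"email", "salt", "hash"} (constructed store)
        self.failures = {}        # username -> {"count", "locked_until"}
        self.reset_tokens = {}    # token -> username; a real app emails the token

    def register(self, username, email, password):
        salt = secrets.token_bytes(16)
        self.users[username] = {"email": email, "salt": salt, "hash": hash_password(password, salt)}

    def login(self, username, password):
        """Return (ok, message). Wrong user, wrong password and locked account all look alike."""
        state = self.failures.setdefault(username, {"count": 0, "locked_until": 0.0})
        if state["locked_until"] > self.now():
            return False, LOGIN_ERROR          # locked: even the right password is refused
        user = self.users.get(username)
        attempt = hash_password(password, user["salt"] if user else DUMMY_SALT)
        if user is not None and hmac.compare_digest(attempt, user["hash"]):
            state["count"] = 0                 # a good login clears the failure counter
            return True, "Welcome"
        state["count"] += 1
        if state["count"] >= MAX_ATTEMPTS:     # 3rd failure -> lock for 10 minutes
            state["count"] = 0
            state["locked_until"] = self.now() + LOCKOUT_SECONDS
        return False, LOGIN_ERROR

    def request_password_reset(self, email):
        """Always answer with the same message; only issue a token when the email exists."""
        for username, user in self.users.items():
            if user["email"] == email:
                self.reset_tokens[secrets.token_urlsafe(32)] = username
                break
        return RESET_MESSAGE
```

Note that the lockout applies to the username, so the caution in the text still holds: anyone who knows a username can trigger the 10-minute lock, which is where the CAPTCHA or a per-IP limit comes in.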

Small measures to increase security

  • For important operations such as changing the email address, changing the password or deleting the account, force users to re-enter their password. The reason is that a cookie may have been stolen, or the user may have forgotten to lock their device. Look at Facebook and Google: both require you to re-enter your password when you want to change it.
  • Applications that need high security must have two-factor authentication. I am currently using it: even if you know my Gmail or WordPress password, you cannot log in.
  • You should encourage (or force) users to choose a long password containing letters and numbers, upper-case letters and special characters.
  • Modern machines crack passwords very fast; you can go here to test how long it would take a machine to find your password.
  • If your site does not have HTTPS, or the team has no security experience, let someone else worry about it: use OAuth and let users log in with Google or Facebook.
