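account / user account system / auth system / password / account-related design / when setting up an account system / when building an account system
Things worth knowing when designing an account management system
Google Cloud published 12 items as best practices. Only the titles are listed here; see ref. 1 for the details.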
- 1. Hash those passwords
- 2. Allow for third-party identity providers if possible
- 3. Separate the concept of user identity and user account
- 4. Allow multiple identities to link to a single user account
- 5. Don't block long or complex passwords
- 6. Don't impose unreasonable rules for usernames
- 7. Allow users to change their username
- 8. Let your users delete their accounts
- 9. Make a conscious decision on session length
- 10. Use 2-Step Verification
- 11. Make user IDs case insensitive
- 12. Build a secure auth system
References
- Google Cloud Platform Blog: 12 best practices for user account, authorization and password management