At its simplest, the technical function of authentication is to allow access to a resource while ensuring that the identity of the user has not changed since the previous access.
Behind this simple statement, however, there are non-trivial technological, organizational and psychological aspects that make authentication much more complex than it might seem.
It is necessary to examine the vulnerabilities of the different technical resources: computers, laptops, tablets and smartphones, but also all the intelligent devices that can connect to the internet today.
The criticality of the information processed must be assessed, because there is a significant difference in value and risk between the data of a Facebook profile, a home banking account or the technical information to manage a corporate network.
From an operational point of view, it also makes a big difference whether you are limited to viewing information or can also carry out operations that act on the resource.
An authentication method is a critical feature for accessing protected technical or information resources.
The password is one of the simplest authentication methods and can be used without any particular technical component.
Easy for anyone to create, it is normally used to access corporate or internet computer services.
It also allows you to protect technical equipment (computers, smartphones, wireless networks, etc.) at both a personal and a corporate level.
In personal applications, theft of the password can lead to data theft and financial damage; at the company level the damage can be much more serious, up to full-scale cyber attacks when the administrative credentials of the systems are stolen.
Today billions of systems are connected to the internet, offering services of all kinds: e-commerce, financial services, social networks, etc.
Many use off-the-shelf products to create the website they need.
All this has led to a problem related to access security and data privacy.
The implementation of a secure login system in compliance with the latest privacy regulations is long and expensive.
AUTH (https://auth.ssolo.co.uk) is a remote authentication service that allows you to connect your website via API to an authentication system that can reach a military-grade level of security.
It also authenticates, upon request, the identity documents of your users, all in compliance with the GDPR.
For WordPress-based sites a plugin is available for download here (https://wordpress.org/plugins/jwt-ssolo/); installation is simple, and in five minutes your site has a level of security comparable to a bank's and compliant with the rules of the GDPR.
You simply fill in the fields requested in the registration form.
A very important field concerns the public key of your site.
AUTH needs this key to make sure that requests about your users actually come from your site.
To generate a public key and its corresponding private key with which all data will be encrypted, you can use the following procedure:
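# Generate a 4096-bit RSA private key in PEM format (jwtRS256.key)
ssh-keygen -t rsa -b 4096 -m PEM -f jwtRS256.key
# Don't add a passphrase: press Enter when prompted
# Export the matching public key in PEM format, overwriting the OpenSSH-format .pub file
openssl rsa -in jwtRS256.key -pubout -outform PEM -out jwtRS256.key.pub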
The jwtRS256.key.pub key is the one you will have to enter in the registration form. After registration, your site will be online and you can use AUTH to authenticate your users.
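Before entering jwtRS256.key.pub in the form, it is worth confirming that the two files belong together and that the private key stays private. The script below is an added example, not part of the original page or of AUTH; its function names and test payload are constructed, and it assumes the RS256 scheme implied by the file names (RSA PKCS#1 v1.5 with SHA-256), since the page does not describe AUTH's request format.

```shell
#!/bin/sh
# Added example (not AUTH's own code): checks for the key pair generated above.
# Function names and the sample payload are constructed for illustration.

# Succeeds if $2 is the PEM public half of private key $1. "-passin pass:"
# makes a passphrase-protected key fail here instead of prompting.
keys_match() {
    derived=$(openssl rsa -in "$1" -passin pass: -pubout -outform PEM 2>/dev/null) || return 1
    [ "$derived" = "$(cat "$2")" ]
}

# Succeeds if the private key has no group or world permission bits set.
private_key_locked_down() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Signs payload $3 with private key $1 (RSA PKCS#1 v1.5 with SHA-256) and
# verifies the signature with public key $2.
sign_and_verify() {
    sig=$(mktemp) || return 1
    if printf '%s' "$3" | openssl dgst -sha256 -sign "$1" -passin pass: -out "$sig" 2>/dev/null &&
       printf '%s' "$3" | openssl dgst -sha256 -verify "$2" -signature "$sig" >/dev/null 2>&1
    then rc=0; else rc=1; fi
    rm -f "$sig"
    return "$rc"
}

# Runs all checks on a key pair and reports each failure.
check_keypair() {
    status=0
    keys_match "$1" "$2" || { echo "FAIL: $2 does not match $1"; status=1; }
    private_key_locked_down "$1" || { echo "FAIL: $1 is accessible to group or others"; status=1; }
    sign_and_verify "$1" "$2" 'constructed test payload' || { echo "FAIL: sign/verify round trip"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: key pair is consistent"
    return "$status"
}

# Check the files produced by the procedure, if they are in this directory.
if [ -f jwtRS256.key ] && [ -f jwtRS256.key.pub ]; then
    check_keypair jwtRS256.key jwtRS256.key.pub
fi
```

Only jwtRS256.key.pub leaves your server; a failed match means the wrong public key would be registered and signatures made with jwtRS256.key would not verify against it.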