
The back-end of an authentication system written in Python for my portfolio.


anderson-m-souza/login-system


Login System

A simple authentication system built for my portfolio and educational purposes. It was written in Python 3.11, and I used the SQLite 3.42 database to store the credentials.

Sign in

If the credentials match an entry in the database, the program shows a message saying you are authenticated and exits. If they do not match, it shows a message saying you are not authenticated and exits.

Sign Up

The program asks for a new username. If the username is already taken, it shows a message saying so and keeps prompting until you enter an available one.

Then it asks for a password. If the password does not meet all of the requirements, the program shows the following message:

This password isn't strong enough.
Please insert a password that meet these requirements:
- At least 8 characters.
- At least one numeric digit.
- At least one uppercase letter.
- At least one lowercase letter.
- At least one special character.

and asks for the password again.

Finally, the user has to confirm the password. If the confirmation does not match, they have to type a valid password again and then confirm it.
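The sign-up flow above (prompt until the password is strong, then require a matching confirmation) as an added example; this is not code from the login-system repository. The README does not define "special character", so this example assumes it means any ASCII punctuation mark. The read_secret parameter stands in for getpass.getpass so the flow can be driven by scripted input.

```python
import re
import string
from collections.abc import Callable

# The five requirements quoted in the README, in the order they are printed.
# Assumption (not stated in the README): "special character" = ASCII punctuation.
REQUIREMENTS = [
    ("At least 8 characters.", lambda pw: len(pw) >= 8),
    ("At least one numeric digit.", lambda pw: re.search(r"\d", pw) is not None),
    ("At least one uppercase letter.", lambda pw: re.search(r"[A-Z]", pw) is not None),
    ("At least one lowercase letter.", lambda pw: re.search(r"[a-z]", pw) is not None),
    ("At least one special character.", lambda pw: any(c in string.punctuation for c in pw)),
]


def password_problems(password: str) -> list[str]:
    """Return the requirement lines the password fails (empty list = strong)."""
    return [text for text, ok in REQUIREMENTS if not ok(password)]


def is_strong(password: str) -> bool:
    return not password_problems(password)


def collect_new_password(read_secret: Callable[[str], str]) -> str:
    """Sign-up password step.

    Keeps prompting until the password meets every requirement, then asks
    for a confirmation. A mismatched confirmation restarts from the first
    prompt, as the README describes. read_secret is injected (getpass.getpass
    in a real program) so this can be tested without a terminal.
    """
    while True:
        password = read_secret("Password: ")
        if not is_strong(password):
            # The README prints the full requirement list, not only the failed ones.
            print("This password isn't strong enough.")
            print("Please insert a password that meet these requirements:")
            for text, _ in REQUIREMENTS:
                print(f"- {text}")
            continue
        if read_secret("Confirm password: ") == password:
            return password
        print("Passwords do not match. Please choose a password again.")


def scripted(*answers: str) -> Callable[[str], str]:
    """Build a read_secret replacement that returns constructed answers in order."""
    it = iter(answers)
    return lambda prompt: next(it)


if __name__ == "__main__":
    # Constructed sample session: one weak attempt, then a valid password and confirmation.
    chosen = collect_new_password(scripted("password", "Pa$$w0rd", "Pa$$w0rd"))
    print("Accepted password length:", len(chosen))
```

The three sample credentials from the setup_db.py section all pass password_problems, which is a quick way to check that a policy implementation agrees with the data the project ships.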

Delete Account

To delete an account, the program first asks the user to log in. If the credentials match, it prompts the user to confirm that they really want to delete the account.

If the answer is yes, the entry is deleted from the database. If it is no, the program exits.

Set up a Database

The script setup_db.py creates a sample SQLite 3 database with some pre-defined users. The credentials are:

  username   password
  user1      Pa$$w0rd
  user2      Qwer1234%
  user3      asdF!234

If the database already exists, the program shows the name of each table and how many rows it has, and asks whether you would like to erase the file and create a new one.

Password Security

I used the function getpass from the module getpass to obfuscate the password while prompting the user for it.

The passwords are stored salted and hashed.

The salt is generated with the secrets module. Each password has its own salt, which is stored in a column next to the salted and hashed password.

The hash algorithm is Argon2, provided by the pyargon2 module. It is configured as recommended in OWASP's Password Storage Cheat Sheet:

  • Argon2id variant
  • 19 MiB of memory
  • Iteration count of 2
  • 1 degree of parallelism
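The storage scheme described in this section (a fresh secrets-generated salt per user, stored beside the hash, and a sign-in that recomputes the hash and compares), together with the Sign in and Delete Account flows described earlier, as an added example that is not the repository's code. Because pyargon2 is a third-party package, this example substitutes hashlib.scrypt from the standard library for Argon2id; the table layout, column names and scrypt cost parameters are this example's assumptions, not the project's.

```python
import hashlib
import hmac
import secrets
import sqlite3

SALT_BYTES = 16   # assumption: the README does not state the salt length
HASH_BYTES = 32

# scrypt cost (n=2**14, r=8, p=1 uses 16 MiB) is a stand-in for the Argon2id
# settings in the README; the project itself uses pyargon2, not scrypt.
def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1, dklen=HASH_BYTES)


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    """Create the users table (assumed schema: username, per-user salt, hash)."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS users ("
        " username TEXT PRIMARY KEY,"
        " salt BLOB NOT NULL,"
        " pw_hash BLOB NOT NULL)"
    )
    return conn


def sign_up(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Store a new user; returns False if the username is already taken."""
    salt = secrets.token_bytes(SALT_BYTES)          # unique salt per password
    try:
        conn.execute(
            "INSERT INTO users (username, salt, pw_hash) VALUES (?, ?, ?)",
            (username, salt, hash_password(password, salt)),
        )
    except sqlite3.IntegrityError:                   # PRIMARY KEY collision
        return False
    return True


def sign_in(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        # Do the same amount of work for an unknown user so the response time
        # does not reveal which usernames exist.
        hash_password(password, bytes(SALT_BYTES))
        return False
    salt, stored_hash = row
    return hmac.compare_digest(hash_password(password, salt), stored_hash)


def delete_account(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Delete Account flow: the row is removed only after a successful sign-in."""
    if not sign_in(conn, username, password):
        return False
    conn.execute("DELETE FROM users WHERE username = ?", (username,))
    return True


def stored_record(conn: sqlite3.Connection, username: str):
    """Return (salt, pw_hash) for inspection, or None if the user does not exist."""
    return conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()


if __name__ == "__main__":
    db = open_db()
    # Constructed sample users (the credentials from the setup_db.py section).
    for name, pw in [("user1", "Pa$$w0rd"), ("user2", "Qwer1234%"), ("user3", "asdF!234")]:
        sign_up(db, name, pw)
    print("user1 / correct password:", sign_in(db, "user1", "Pa$$w0rd"))
    print("user1 / wrong password:  ", sign_in(db, "user1", "pa$$w0rd"))
```

Two points the README's description implies but does not spell out are visible here: the salt is read back from the user's row before hashing the candidate password, so verification never needs the plaintext stored anywhere, and the comparison uses hmac.compare_digest rather than == so that a mismatch does not leak how many leading bytes agreed.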

How to Run (Linux)

  1. Create a virtual environment:
       python -m venv venv
  2. Activate the virtual environment:
       source venv/bin/activate
  3. Install the requirements:
       pip install -r requirements.txt
  4. Set up the database:
       ./setup_db.py
  5. Run the script main.py:
       ./main.py
  6. Choose an option from the menu and hit Enter:
       Authentication Program
       Choose an option:
       (1) Sign in
       (2) Sign up
       (3) Delete Account
       (q) Quit
       Your choice:
  7. You'll know what to do next.

TODO

  • Refactor the code to use classes
  • Ask the user to confirm the password when signing up
  • Add password requirements
  • Add option to change the password
  • Add option to remove a user
  • Use a better hashing algorithm (Argon2id)
  • Salt the passwords before hashing
  • Use Docstrings to document the code
  • Use the PEP 8 style guide
  • Add metadata
