A secure, modern web application featuring user registration, login, session management, and optional Two-Factor Authentication (2FA). Built with a focus on security best practices to protect user accounts from common attacks.

## Features

- Robust Authentication: Secure user registration and login endpoints.
- Password Hashing: User passwords are hashed with `bcrypt` before being stored in the database.
- SQL Injection Protection: The application uses SQLite with parameterized queries for all database interactions.
- Session Management: Persistent and secure sessions using `express-session`.
- Two-Factor Authentication (2FA): Optional TOTP (Time-based One-Time Password) setup using `speakeasy` and `qrcode`, for use with Google Authenticator or Authy.
- Modern UI: A premium vanilla CSS frontend featuring glassmorphism, dynamic micro-animations, and a responsive layout.
## Tech Stack

- Backend: Node.js, Express
- Database: SQLite3
- Authentication: `bcrypt` for hashing, `express-session` for sessions
- 2FA: `speakeasy`, `qrcode`
- Frontend: Vanilla HTML/CSS/JS with modern CSS features (Grid/Flexbox, Custom Properties, Animations)
## Prerequisites

- Node.js (v14 or higher recommended)
- npm (comes with Node.js)
## Installation

- Clone the repository:

  ```bash
  git clone <your-repository-url>
  cd "Secure Login System"
  ```

- Install the dependencies:

  ```bash
  npm install
  ```

- Start the application:

  ```bash
  npm start
  ```

  (Or run `node server.js` if a start script is not configured.)

- Open your web browser and navigate to:

  http://localhost:3000
## Security Considerations

- Input Validation: Basic checks are performed on the server side to ensure passwords meet minimum length requirements.
- Parameterization: Direct mitigation of SQL injection by separating SQL code from user-supplied data.
- No Plaintext Passwords: Even in the event of a database leak, user passwords remain protected behind computationally expensive bcrypt hashes.
- 2FA Mitigation: Adds an additional layer of security beyond just passwords, protecting against credential stuffing and leaked passwords.