Revise Computing (revisecomputing.co.uk)


Authentication

Knowledge organiser

Defensive Design

301.16c

Username + password.

What you need to know

Authentication verifies a user's identity, typically with a username and password. A simple implementation checks entered credentials against stored values.

Key points

  • Compare entered username and password against stored values
  • Give limited attempts to prevent brute force
  • Don't reveal which field was wrong (security)
  • Use == for comparison, not =

Code examples

Simple login
python
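# Stored credentials to compare against (hard-coded for this simple example)
STORED_USER = "admin"
STORED_PASS = "secret123"
attempts = 3  # total tries allowed, including the first one

user = input("Username: ")
pwd = input("Password: ")
# Keep asking while the details are wrong and tries remain.
# The message never says which field was wrong.
while (user != STORED_USER or pwd != STORED_PASS) and attempts > 1:
    attempts -= 1
    print("Incorrect. " + str(attempts) + " attempts left")
    user = input("Username: ")
    pwd = input("Password: ")

# == compares values; = would be assignment
if user == STORED_USER and pwd == STORED_PASS:
    print("Login successful")
else:
    print("Account locked")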
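
The key points above as a reusable check, as an added example that is not part of the original page. It goes beyond the simple login by storing a salted hash instead of the plain password and by keeping the failed-attempt count with the account; the function names, record layout and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 3  # same limit as the simple login on this page
GENERIC_ERROR = "Incorrect username or password"  # never names the wrong field


def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256; the iteration count is an assumption for this example
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_record(username, password):
    # Store a random salt and the salted hash, never the password itself
    salt = os.urandom(16)
    return {"user": username, "salt": salt,
            "hash": hash_password(password, salt), "failed": 0}


def check_login(record, username, password):
    """Return (ok, message) for one login attempt against one stored record."""
    if record["failed"] >= MAX_ATTEMPTS:
        return False, "Account locked"
    # Always run both comparisons so a wrong username and a wrong password
    # follow the same code path; compare_digest compares in constant time.
    user_ok = hmac.compare_digest(username.encode(), record["user"].encode())
    pass_ok = hmac.compare_digest(hash_password(password, record["salt"]),
                                  record["hash"])
    if user_ok and pass_ok:
        record["failed"] = 0  # a successful login resets the counter
        return True, "Login successful"
    record["failed"] += 1
    if record["failed"] >= MAX_ATTEMPTS:
        return False, "Account locked"
    left = MAX_ATTEMPTS - record["failed"]
    return False, GENERIC_ERROR + ". " + str(left) + " attempts left"
```

Because the lock is held in the record rather than in a loop variable, it stays in place even when the correct password is entered afterwards.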