Design a Login Page / Authentication System
viaGlassdoor
Requirements: Design the system behind a login page -- user signup/login flow, credential storage, and session management -- discussed in an open-ended format.
Design:
- Password storage: hash and salt passwords (e.g. bcrypt/scrypt/argon2) rather than storing plaintext or reversible encryption.
- Brute-force mitigation: rate-limiting login attempts, account lockout/backoff, CAPTCHAs.
- Session management: server-side session tokens vs stateless JWTs, secure cookie flags (
HttpOnly,Secure,SameSite). - Extensions discussed open-endedly: OAuth/social login integration, multi-factor authentication, and password-reset flows.
asked …