Design a Login Page / Authentication System

viaGlassdoor

Requirements: Design the system behind a login page -- user signup/login flow, credential storage, and session management -- discussed in an open-ended format.

Design:

  • Password storage: hash and salt passwords (e.g. bcrypt/scrypt/argon2) rather than storing plaintext or reversible encryption.
  • Brute-force mitigation: rate-limiting login attempts, account lockout/backoff, CAPTCHAs.
  • Session management: server-side session tokens vs stateless JWTs, secure cookie flags (HttpOnly, Secure, SameSite).
  • Extensions discussed open-endedly: OAuth/social login integration, multi-factor authentication, and password-reset flows.
Add a follow-up question they asked
No follow-ups yet. Be the first to add one.
asked …
LeaderboardSalary
Language
Account