Account Authentication
Similar to account creation, the account authentication process also consists of 2 stages: Basic Account Authentication and Master Password Authentication.
Basic Account Authentication
Using Email and Account Password
Locker compares the Email entered by the user, together with the hash of the entered Account Password derived with the PBKDF2 Key Derivation Algorithm, against the Email and Password Hash stored in the database to determine whether the user is valid.
Using OAuth
The OAuth authentication process is entirely handled by providers such as Facebook, Google, GitHub, or Apple. Locker only uses the authentication result from these providers to determine whether the user has been authenticated.
Master Password Authentication
Only after the user has successfully completed basic account authentication can Master Password authentication take place. This process is described in detail in the diagram below, with the main idea as follows:
- Calculate the Generated Master Password Hash (h1) value using the PBKDF2 Key Derivation Algorithm with 100,001 iterations on the Client and 216,000 iterations on the Server.
- Retrieve the Stored Master Password Hash (h2) value saved in the database during account registration.
- Compare h1 and h2. If the two values match, the Master Password is valid. If not, the value is incorrect.
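The two-stage flow above (Basic Account Authentication with email and account password, followed by Master Password Authentication with a client-side and a server-side PBKDF2 pass), as an added Python example that is not Locker's own code. The iteration counts 100,001 and 216,000 are the ones stated on this page; everything else is an assumption of the example: HMAC-SHA256 as the PBKDF2 PRF, 32-byte outputs, the lower-cased email as the client-side salt, a random per-user salt on the server, 216,000 iterations for the account-password hash, and an in-memory dict standing in for the database. The OAuth path is not shown, since the provider performs that check.

```python
import hashlib
import hmac
import os

# Iteration counts from the page; the rest of these parameters are assumed.
CLIENT_ITERATIONS = 100_001     # PBKDF2 pass on the client
SERVER_ITERATIONS = 216_000     # PBKDF2 pass on the server
ACCOUNT_ITERATIONS = 216_000    # assumed count for the account-password hash
KEY_LEN = 32                    # assumed output length


def pbkdf2(secret: bytes, salt: bytes, iterations: int) -> bytes:
    # PBKDF2-HMAC-SHA256 is assumed; the page only names PBKDF2.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=KEY_LEN)


def client_stretch(master_password: str, email: str) -> bytes:
    """Client stage: the raw master password never leaves the device, only this value does."""
    salt = email.strip().lower().encode("utf-8")   # assumed salt choice
    return pbkdf2(master_password.encode("utf-8"), salt, CLIENT_ITERATIONS)


def server_stretch(client_value: bytes, server_salt: bytes) -> bytes:
    """Server stage: stretches the client value again, producing h1 (or h2 at registration)."""
    return pbkdf2(client_value, server_salt, SERVER_ITERATIONS)


def register(store: dict, email: str, account_password: str, master_password: str) -> None:
    """Constructed stand-in for account creation: stores the values authentication compares against."""
    account_salt = os.urandom(16)
    master_salt = os.urandom(16)
    store[email] = {
        "account_salt": account_salt,
        "account_hash": pbkdf2(account_password.encode("utf-8"), account_salt, ACCOUNT_ITERATIONS),
        "master_salt": master_salt,
        # Stored Master Password Hash (h2): client pass at signup, then the server pass here.
        "master_hash": server_stretch(client_stretch(master_password, email), master_salt),
    }


def authenticate_account(store: dict, email: str, account_password: str) -> bool:
    """Basic Account Authentication: email plus PBKDF2 hash of the account password."""
    record = store.get(email)
    if record is None:
        # Do the same amount of work for unknown emails so timing does not reveal which exist.
        pbkdf2(account_password.encode("utf-8"), b"\x00" * 16, ACCOUNT_ITERATIONS)
        return False
    candidate = pbkdf2(account_password.encode("utf-8"), record["account_salt"], ACCOUNT_ITERATIONS)
    # Constant-time comparison of the derived hash with the stored Password Hash.
    return hmac.compare_digest(candidate, record["account_hash"])


def authenticate_master(store: dict, email: str, client_value: bytes) -> bool:
    """Master Password Authentication: derive h1 from the client's value and compare with stored h2."""
    record = store[email]
    h1 = server_stretch(client_value, record["master_salt"])
    return hmac.compare_digest(h1, record["master_hash"])


def login(store: dict, email: str, account_password: str, master_password: str) -> str:
    """Full flow: the master stage only runs once the basic stage has succeeded."""
    if not authenticate_account(store, email, account_password):
        return "basic_failed"
    if not authenticate_master(store, email, client_stretch(master_password, email)):
        return "master_failed"
    return "ok"


if __name__ == "__main__":
    db = {}
    register(db, "alice@example.com", "account-pw", "correct horse battery staple")
    print(login(db, "alice@example.com", "account-pw", "correct horse battery staple"))  # ok
    print(login(db, "alice@example.com", "account-pw", "wrong master"))                  # master_failed
```

The ordering in `login` matters: a wrong account password returns before any master-password work is done, which is the dependency the page describes. Both comparisons use `hmac.compare_digest` so that a partially matching hash does not finish faster than a completely wrong one.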
