Password Protection with ActiveRecord


In today’s world, all of our personal information and data is stored somewhere online, whether it is our bank accounts or even a personalized collection of our favorite memes. All of this information is usually tied to an account on a website protected by a personalized password. Unfortunately, most of us tend to have one, maybe two, passwords that we use for our dozens of accounts scattered across the web. This means that if a hacker were to obtain the password for your meme collection, it wouldn’t be long until they had access to your bank account as well.

So how do we prevent this?

As developers, it is our job to put in the work to protect the common internet user. Luckily for us, ActiveRecord makes this incredibly easy. By simply using ActiveRecord and adding the built-in method has_secure_password (which ensures each user has a unique password) to your model, along with the ‘bcrypt’ gem, we’ve already taken care of most of the core work to make sure your information is protected.

How does this work?

has_secure_password and bcrypt work hand in hand. In fact, has_secure_password adds methods to set and authenticate against a bcrypt password. has_secure_password also brings in extra validations. For instance, it requires the user to enter a password upon creation. It also requires the password to be less than or equal to 72 bytes. This lays the groundwork for other validations we see today, such as requiring a capital letter or symbol.

Bcrypt

So what exactly is a bcrypt password? Bcrypt is a hashing function that builds a secure password database. It takes the user’s password and “salts” it. Salting is the process of taking a user’s password and adding random bits to it so that the stored value is unrecognizable and cannot be recovered by a hacker.
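To make the two sections above concrete, here is an added example (not code from the original post or from Rails) that re-implements what has_secure_password does under the hood: the setter stores only a salted digest, authenticate returns the user or false, and the presence and 72-byte validations are enforced. It assumes no gems are installed, so PBKDF2-HMAC-SHA256 from Ruby’s standard library stands in for bcrypt; the flow is the same.

```ruby
require 'openssl'
require 'securerandom'

# Stand-in for ActiveRecord's has_secure_password (added example).
# Assumption: OpenSSL PBKDF2 replaces bcrypt so this runs without gems;
# the plaintext is never stored, only salt + derived key.
class User
  MAX_PASSWORD_BYTES = 72      # the limit has_secure_password enforces
  ITERATIONS = 100_000         # work factor, analogous to bcrypt's cost
  attr_reader :email, :password_digest, :errors

  def initialize(email)
    @email = email
    @errors = []
  end

  # Setter: a fresh random salt per password, so two users with the
  # same password get different digests.
  def password=(plain)
    @password_plain = plain
    return if plain.nil? || plain.empty?
    salt = SecureRandom.bytes(16)
    @password_digest = "#{salt.unpack1('H*')}$#{derive(plain, salt).unpack1('H*')}"
  end

  # Validations has_secure_password adds: present on create, <= 72 bytes.
  def valid?
    @errors = []
    @errors << "Password can't be blank" if @password_plain.to_s.empty?
    @errors << 'Password is too long (maximum is 72 bytes)' if @password_plain.to_s.bytesize > MAX_PASSWORD_BYTES
    @errors.empty?
  end

  # Like has_secure_password's authenticate: the user on success, false otherwise.
  def authenticate(plain)
    return false unless @password_digest
    salt_hex, digest_hex = @password_digest.split('$')
    candidate = derive(plain, [salt_hex].pack('H*'))
    secure_equal?(candidate, [digest_hex].pack('H*')) ? self : false
  end

  private

  def derive(plain, salt)
    OpenSSL::KDF.pbkdf2_hmac(plain, salt: salt, iterations: ITERATIONS, length: 32, hash: 'sha256')
  end

  # Constant-time comparison so a wrong guess is not detectable by timing.
  def secure_equal?(a, b)
    a.bytesize == b.bytesize && a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) } == 0
  end
end
```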

By using these hand in hand, not only are we saving ourselves from having to write protection code manually (and most likely making a grave mistake that could lead to a breach), we are also implementing extremely valuable security measures to protect both our users and ourselves from the dangers the web has to offer.
