Every time you log in somewhere, a service has to answer one question before it lets you near anything: are you really you? This chapter is about how that question gets answered online — passwords, the extra checks layered on top of them, and the quiet trick that lets you stay logged in without typing your password on every page.
A service can't protect Olivia's account until it knows the account is hers. So before anything else happens, it has to establish identity — convince itself that the person knocking is the right person. That single problem, proving who you are to a machine that has never met you, is what this whole chapter is about.
The five topics walk it in order. First the difference between proving who you are and being allowed to do something — two questions people constantly merge into one. Then the password, the oldest answer and the weakest, and why it fails so often. Then the idea of asking for more than one kind of proof. Then a small puzzle: how a good service can check your password without actually storing it. And finally, how a service remembers you've already proven yourself, so you stay logged in for a while.
One login, four steps: how a service decides to let you in and keep you in