Secure APIs with FastAPI and the Microsoft Identity Platform Transcripts
Chapter: Introduction to Identity
Lecture: Username and password databases
0:00 Our systems need to be able to store, retrieve and use digital identities in order to personalize our users' experiences and secure access to
0:10 sensitive information. Usernames and passwords have been in existence since the early days of computing.
0:16 We use them every day to sign into our computers, log into online banking, etc.
0:22 Storing and securing passwords has been a fundamental challenge for developers and security experts and an
0:29 opportunity for hackers to make a lot of money. I'm pretty sure that most of you taking this course have come across one or many
0:36 applications that use a username and password database to store digital identities.
0:41 And therein lies the challenge, because creating a robust and secure identity system is much
0:47 more than just storing a username and password in the database. You need to cryptographically secure this information.
0:54 So right from the beginning, enter the wonderful world of digital cryptography. But it doesn't stop there. This is only the beginning.
1:02 How do you protect your system from brute force attacks? How do you protect your system from denial of service attacks?
1:09 What about password resets? Should they be user initiated and self managed, or will you
1:14 have an admin to approve these requests? Then you have to think about two-factor and multi-factor authentication. Modern security requirements demand
1:24 MFA, which means that you now have to integrate with multiple other services
1:28 such as email, one-time password tools like Authy and Microsoft Authenticator, and text
1:34 messaging, and there is more. With the prevalence of biometric capabilities in computing, applications today need to be able to accommodate passwords,
1:44 logins, fingerprint and face login, and FIDO keys. And once you solve these problems there are even more challenges, such as scalability and high
1:55 availability. How quickly can your database grow to accommodate new users, and can you ensure
2:00 that it will be available and remain available to meet the uptime requirements of your application? Finally, as organizations and applications grow,
2:10 how do you manage users, roles, group membership, permissions and so on? How extensible will your identity system be?
2:19 It's also not uncommon for a company to have more than one user database lying around, which creates additional challenges for admins.
2:26 The lack of a centralized identity system can create security holes in the infrastructure that could be
2:31 used by attackers to gain unlawful access to a system. The disparity of username and password databases creates another important problem.
2:41 What happens when our digital identities need to access other resources and other systems they were not originally
2:47 intended for? Building a proprietary identity system reduces interoperability and integration, which can inhibit business growth.
2:55 Looking back at all these challenges, it feels that we are in dire need of open standards that can be used
3:02 to build identity systems that can be easily integrated with any solution and are extensible enough to adapt to any business requirements.
3:11 This is what the OAuth2 and OIDC protocols were designed to solve, and this is what we'll be looking at in the next module.