Account Authentication

Last modified Jun 19, 2022

Similar to Account Registration, Account Authentication involves 2 steps:

  1. Authenticate the Locker account
  2. Authenticate the Master Password

Authenticate the Locker Account

Use Email and Account Password

When a user enters an Email and Account Password, the Email and a hash of the Account Password derived with the Password-Based Key Derivation Function 2 (PBKDF2) algorithm are compared with the corresponding values stored in the database. If both pairs match, the user account is successfully authenticated; otherwise, the login attempt is rejected.
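The following is an added example, not Locker's own code, of the server-side comparison described above: a per-user salt and PBKDF2 hash are stored at registration, and at login the submitted Account Password is re-derived and compared in constant time. The PRF (HMAC-SHA-256), iteration count, salt length and the in-memory dictionary standing in for the database are assumptions, since the page names only the algorithm.

```python
import hashlib
import hmac
import os
from typing import Dict, NamedTuple, Optional

# Assumed parameters: the page names PBKDF2 but not the PRF, iteration count or salt size.
PRF = "sha256"
ITERATIONS = 600_000
SALT_BYTES = 16
DKLEN = 32


class StoredCredential(NamedTuple):
    salt: bytes
    iterations: int
    pw_hash: bytes


def derive(account_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC over the Account Password; only this hash, never the password, is stored."""
    return hashlib.pbkdf2_hmac(PRF, account_password.encode("utf-8"), salt, iterations, dklen=DKLEN)


def register(db: Dict[str, StoredCredential], email: str, account_password: str) -> None:
    """Store a fresh random salt and the derived hash under the Email (stand-in for the database)."""
    salt = os.urandom(SALT_BYTES)
    db[email] = StoredCredential(salt, ITERATIONS, derive(account_password, salt, ITERATIONS))


# Used when the Email is unknown so that PBKDF2 still runs and the timing does not reveal
# whether an account exists.
_DUMMY = StoredCredential(b"\x00" * SALT_BYTES, ITERATIONS, b"\x00" * DKLEN)


def authenticate_account(db: Dict[str, StoredCredential], email: str, account_password: str) -> bool:
    """Return True only if the Email exists and the re-derived hash matches the stored one."""
    record: Optional[StoredCredential] = db.get(email)
    known = record is not None
    if record is None:
        record = _DUMMY
    candidate = derive(account_password, record.salt, record.iterations)
    # Constant-time comparison avoids leaking how many leading bytes of the hash matched.
    matches = hmac.compare_digest(candidate, record.pw_hash)
    return known and matches


if __name__ == "__main__":
    db: Dict[str, StoredCredential] = {}
    register(db, "alice@example.com", "correct horse battery staple")  # constructed sample account
    print(authenticate_account(db, "alice@example.com", "correct horse battery staple"))
    print(authenticate_account(db, "alice@example.com", "wrong password"))
    print(authenticate_account(db, "nobody@example.com", "correct horse battery staple"))
```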

Use OAuth

The OAuth authentication process takes place entirely at the service providers such as Facebook, Google, GitHub, and Apple. Locker only uses the results from these parties to confirm the user’s authentication.

Authenticate the Master Password

Only after the user has been successfully authenticated will the Master Password authentication be allowed to take place. This process is described in detail in the diagram below, with the main idea as follows:

  • Compare h1 and h2. If these two values match, the Master Password is correct. Otherwise, it is not.
[Diagram of the Master Password authentication process (image not included)]