passwordless - npm Package Compare versions

Comparing version

to
1.0.4

11

CHANGELOG.md

@@ -0,1 +1,12 @@

# 1.0.4 (2014-10-29)
Bugfixes:
- FIXED wrong capitalization of lib/passwordless folder
Features:
- UPDATE dependency of Base58 encoder to bs58 (pure JS)
Documentation:
- N/A
# 1.0.3 (2014-10-25)
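Review bot: the 1.0.4 entry says "Documentation: N/A", yet this same release edits the README paragraph under "The tokens and security"; either record that fix or drop the N/A line. The bs58 switch is filed under Features with only "(pure JS)" as explanation; a line stating whether the encoded output is unchanged for callers would tell users more.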

@@ -2,0 +13,0 @@

2

lib/index.js

@@ -6,2 +6,2 @@ 'use strict';

module.exports = new Passwordless();
module.exports.Passwordless = Passwordless;
module.exports.Passwordless = Passwordless;

@@ -5,3 +5,3 @@ 'use strict';

var crypto = require('crypto');
var base58 = require('base58-native');
var base58 = require('bs58');
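Review bot: the `require` line rebinds `base58` to a different module, but no call site changes anywhere in this diff, so the code now depends on `bs58` exposing the same methods with the same argument and return types as `base58-native`. Check each use of `base58` in lib/ against the `bs58` API and add a test that asserts the Base58 output for a fixed input buffer, so a mismatch fails in CI rather than at token generation.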

@@ -8,0 +8,0 @@ /**

{
"name": "passwordless",
"version": "1.0.3",
"version": "1.0.4",
"description": "A node.js/express module for passwordless authentication",

@@ -49,4 +49,4 @@ "main": "index.js",

"dependencies": {
"base58-native": "^0.1.4"
"bs58": "^2.0.0"
}
}
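Review bot: in the `dependencies` block, `"bs58": "^2.0.0"` accepts any 2.x release, whereas the replaced `"base58-native": "^0.1.4"` was held to 0.1.x by the same caret rule, so the range of versions that can be installed is wider than before for a module that handles token encoding. Consider an exact version or a tilde range, and review bs58 releases before raising it.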

@@ -463,3 +463,3 @@ # Passwordless

## The tokens and security
By default, tokens are generated using 16 Bytes of pseudo-random data as produced by the cryptographically strong crypto library of Node.js. This can be considered strong enough to withstand brute force attacks especially when combined with a finite time-to-live (set by default to 1h). In addition, it is absolutely mandatory to store the tokens securely by hashing and salting them (done by default in TokenStores such as [MongoStore](https://github.com/florianheinemann/passwordless-mongostore). Security can be further enhanced by limiting the number of tries per user ID before locking that user out from the service for a certain amount of time.
By default, tokens are generated using 16 Bytes of pseudo-random data as produced by the cryptographically strong crypto library of Node.js. This can be considered strong enough to withstand brute force attacks especially when combined with a finite time-to-live (set by default to 1h). In addition, it is absolutely mandatory to store the tokens securely by hashing and salting them (done by default with TokenStores such as [MongoStore](https://github.com/florianheinemann/passwordless-mongostore)). Security can be further enhanced by limiting the number of tries per user ID before locking that user out from the service for a certain amount of time.
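Review bot: the paragraph calls hashing and salting of tokens "absolutely mandatory" but only says it is done by default with TokenStores such as MongoStore, which leaves the author of a custom TokenStore without a stated requirement; spell out what a store must do. The last sentence likewise does not say whether limiting tries per user ID is provided by the module or has to be built by the integrator; say which.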

@@ -466,0 +466,0 @@ ## Further documentation