Many computer systems require the user to log in using a username and password. This form of authentication is used to uniquely identify a user and give them access to the relevant information on the system.
The aim of this challenge is to create our own authentication process. We will break up this challenge in several steps:
Step 1: Login Screen
Create a login screen, where the user is asked to enter their username and password. Compare these values with a valid username and password stored within your code.
If the user enters the right username and password, the program should output a message saying “You are logged in!”. If not, the program should display the message “Wrong username or password!”.
Step 2: Multiple Attempts
Amend your code so that if the user enters the wrong username and password, they are asked again. The user should have 3 attempts. If after three attempts their username and password are still wrong, the program should end.
Step 3: Using a text file
Hardcoding the username and password in the code itself is not good practice, as it does not allow users to create new usernames and passwords or to amend their password. It also restricts the number of usernames and passwords you can use. Instead, usernames and passwords should be stored in a separate file so that they can easily be added or updated.
We have created a text file with the list of the 10 usernames and passwords. This data is organised as follows:
You can download this text file:
You can find out more about how to access text files in Python by reading this blog post.
Create a login script that checks the user’s username and password to see if they match any entry stored in the username.txt file.
Step 4: Sign Up
Before the login screen, give the option for a new user to sign up by entering their first name, last name and password. The system should work out the username (first letter of first name followed by last name) and store the username and password in the usernames.txt text file. If another user with the same username already exists, the program should add a number at the end of the username. For instance, “tswift2” would be the username of Tom Swift as there is already one username “tswift” for Taylor Swift in the text file.
You should also add some validation routines to ensure that the user does not leave the first name or the last name fields blank. If they do, an error message should appear saying: “You must provide both your first name and last name!”.
Step 5: Change My Password
Once logged in, the user should be able to change their password. Make sure that a logged-in user has to enter their new password twice and that the program checks that both entries are the same before updating their password.
Step 6: Strong Password Validation
Once a user enters a new password or updates their existing password, the program should check that the password is a secure password by checking some, if not all, of the following conditions:
- The password has to be at least 8 characters long,
- The password has to include uppercase letters and lowercase letters,
- The password has to include letters and numbers,
- The password has to include at least one punctuation sign.
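One way to check the Step 6 conditions together with the Step 5 double-entry check, as an added example that is not part of the original challenge. The names RULES, failed_rules and check_new_password are assumptions made for this sketch, and the sample passwords are constructed. Reporting every unmet condition at once lets the user fix the password in one go.

```python
import string

MIN_LENGTH = 8  # from the first condition listed in Step 6

# Each rule pairs the wording shown to the user with a test on the password.
# "Letters and numbers" is covered by the upper/lowercase rules plus the digit rule.
RULES = [
    ("at least 8 characters long", lambda p: len(p) >= MIN_LENGTH),
    ("an uppercase letter", lambda p: any(c.isupper() for c in p)),
    ("a lowercase letter", lambda p: any(c.islower() for c in p)),
    ("a number", lambda p: any(c in string.digits for c in p)),
    ("a punctuation sign", lambda p: any(c in string.punctuation for c in p)),
]


def failed_rules(password):
    """Return the description of every Step 6 condition the password misses."""
    return [message for message, check in RULES if not check(password)]


def check_new_password(password, confirmation):
    """Apply the Step 5 double-entry check, then the Step 6 conditions.

    Returns a tuple (accepted, list_of_problems).
    """
    if password != confirmation:
        return False, ["both entries must be the same"]
    problems = failed_rules(password)
    return not problems, problems


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the challenge's text file.
    for candidate in ["password", "Passw0rd", "Tr1cky!Pass", "Ab1!"]:
        ok, problems = check_new_password(candidate, candidate)
        verdict = "accepted" if ok else "rejected, missing: " + ", ".join(problems)
        print(candidate, "->", verdict)
```
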
Step 7: Are You Human?
A CAPTCHA is a type of challenge-response test used in computing to determine whether or not the user is human.
Web-bots are computer programs that can be used to try every single possible password in an attempt to get access to a password-protected system. We can stop web-bots by asking a question that web-bots may not understand. Add a CAPTCHA to your login form to prevent web-bots trying to access your website.
Easy CAPTCHA: The computer displays a random 3-digit number on the screen and asks the user to enter this number when logging in.
Complex CAPTCHA: The computer displays a random arithmetic question such as “what is 7+3?”. The user has to answer this question correctly when logging in.