Use case 9

  • Author: Jarno Huusko
  • Date / Version: 20/02/2024 / 1.0

User roles

  1. User (Actor1): Any individual who wants to create an account and securely authenticate to access Tukko's services.
  2. Dev / Sec (Actor2): Responsible for implementing and maintaining the security measures for the authentication process.
  3. Dev (Actor3): Develops the server-side logic for handling user registration, authentication, and data storage securely.

Prerequisites / Conditions

  1. The web app must have an accessible user interface for account registration.
  2. Backend systems and databases are in place to securely store user credentials and personal information.

Use Case Diagram

(UML use case diagram)

Description of use case

  1. Registration Form: The User accesses the registration form on Tukko's web app and fills in the required information such as name, email, and password.
  2. Password Security: The User is guided to create a strong password, assisted by a password strength meter implemented by the Developer; the password is also checked against a list of known-compromised passwords before it is accepted.
  3. Data Submission: Upon form submission, the Developer ensures that the user's data is transmitted to the server over an encrypted channel (TLS) and that the password is never stored in plaintext, but only as a salted hash produced by a memory-hard password hashing function (e.g., Argon2id).
  4. Account Verification: The User receives an email or SMS with a verification link or code to confirm their account, preventing unauthorized account creation.
  5. Secure Authentication: For login, the User enters their credentials, which are verified against the stored password hash using a constant-time comparison.
  6. Session Management: Upon successful authentication, the User is granted a session bound to a random, unguessable token, with session timeouts and token invalidation upon logout to limit the window of abuse.
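The six steps above form one flow: registration with a password policy, salted password hashing, account verification, login with a lockout counter (exception E2), and session tokens with expiry and logout. The block below is an added example written for this page, not Tukko's code: the user store, the email addresses, the breached-password list and the policy constants are all constructed for illustration. It uses scrypt from the Python standard library as a stand-in for Argon2id, which requires a third-party package.

```python
"""Illustrative registration / login flow for the use case (added example,
not Tukko's code). Names, constants and sample data are assumptions."""
import hashlib
import hmac
import os
import secrets
import time
from typing import Callable, Optional

MIN_PASSWORD_LEN = 12                     # length over composition rules (NIST SP 800-63B)
BREACHED_PASSWORDS = {"password123", "qwertyuiop12", "letmein12345"}  # constructed stand-in corpus
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1   # memory-hard parameters (~16 MiB)
MAX_FAILED_ATTEMPTS = 5
LOCKOUT_SECONDS = 15 * 60
SESSION_TTL_SECONDS = 30 * 60


def check_password_policy(password: str) -> Optional[str]:
    """Return an error message, or None when the password is acceptable (E1)."""
    if len(password) < MIN_PASSWORD_LEN:
        return f"password must be at least {MIN_PASSWORD_LEN} characters"
    if password.lower() in BREACHED_PASSWORDS:
        return "password appears in a breach corpus; choose another"
    return None


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Fresh random salt per user; only salt + digest are ever stored."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


class AuthService:
    def __init__(self, now: Callable[[], float] = time.time):
        self.now = now            # injectable clock so timeouts can be tested
        self.users: dict = {}     # email -> record
        self.sessions: dict = {}  # session token -> (email, expires_at)

    def register(self, email: str, password: str) -> str:
        """Store the hashed credential and return the verification token to be e-mailed/SMSed."""
        err = check_password_policy(password)
        if err:
            raise ValueError(err)
        if email in self.users:
            raise ValueError("email already registered")
        salt, digest = hash_password(password)
        token = secrets.token_urlsafe(32)
        self.users[email] = {"salt": salt, "hash": digest, "verified": False,
                             "verify_token": token, "failed": 0, "locked_until": 0.0}
        return token

    def verify_account(self, email: str, token: str) -> bool:
        user = self.users.get(email)
        if user is None or user["verify_token"] is None:
            return False
        if not hmac.compare_digest(user["verify_token"], token):
            return False
        user["verified"], user["verify_token"] = True, None   # single-use token
        return True

    def login(self, email: str, password: str) -> Optional[str]:
        """Return a session token, or None on any failure (no reason leaked to the caller)."""
        user = self.users.get(email)
        if user is None:
            hash_password(password)   # burn comparable time so unknown e-mails are not distinguishable
            return None
        if self.now() < user["locked_until"]:
            return None               # E2: temporarily locked
        if not verify_password(password, user["salt"], user["hash"]):
            user["failed"] += 1
            if user["failed"] >= MAX_FAILED_ATTEMPTS:
                user["failed"], user["locked_until"] = 0, self.now() + LOCKOUT_SECONDS
            return None
        if not user["verified"]:
            return None
        user["failed"] = 0
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (email, self.now() + SESSION_TTL_SECONDS)
        return token

    def session_user(self, token: str) -> Optional[str]:
        """Resolve a session token; expired sessions are dropped on first use."""
        entry = self.sessions.get(token)
        if entry is None:
            return None
        email, expires_at = entry
        if self.now() >= expires_at:
            del self.sessions[token]
            return None
        return email

    def logout(self, token: str) -> None:
        self.sessions.pop(token, None)   # server-side invalidation
```

The clock is injected so that the lockout window and the session timeout can be exercised without sleeping; in production the same class would read the real clock, and the user and session dictionaries would be replaced by the database and a session store.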

Exceptions

  • E1: If the User enters a weak password, or one found in a list of known-compromised passwords, the registration is rejected and they are prompted to choose a stronger password.

  • E2: If there are multiple failed login attempts, the account is temporarily locked and the User is notified, to slow down brute-force attacks. The lockout is time-limited rather than permanent, since an attacker who can trigger permanent lockouts could deny service to legitimate users; rate limiting or progressive delays are a complementary measure.

Result

  • Users can register for an account and authenticate securely, with robust mechanisms in place to protect their credentials and personal information.

Use frequency

  • Account registration is a one-time process for new users, while authentication occurs each time a user accesses the service.

Additional information

  • The authentication system's design and implementation details, including the transport encryption, the password hashing algorithm and its parameters, and the password and lockout policies, should be documented for reference and compliance purposes.

Sources

  • Security practices are informed by industry standards and guidelines from organizations like OWASP and NIST for secure authentication and account management.