On the site, the login is made using a code of the type if the entered password matches the variable in which the password is stored, then the person enters the site. How to protect the site from the magic F12 button? I.e. how to make the password impossible to find
out
p.s. I have never done anything like this so the experience is 0.
I wrote the code and don’t know how to protect passwords.
function checkUsernamePassword() {
var username = document.getElementById("username").value;
var password = document.getElementById("password").value;
if (username == "admin" && password == "12345") {
window.location = "../index.html";
}
else {
window.location = "invalid-login.html";
}
}
>Solution :
Ordinarily, your approach would be easily bypassed.
However, with the WebCrypto API you can use strong encryption to protect the data that needs to be accessed with a password.
You’d use a salted PBKDF2 to stretch the password into a symmetric encryption key. Then, the data can only be accessed when the correct password is entered.
This approach relies on the password being of sufficient entropy to prevent a brute-force attack.