Lucas Santos
19,315 Points
Authentication Process
So I have taken the “User Authentication With Express and Mongo” course by Dave McFarland and have some very important concerns.
Ok let me start off by saying in all aspects of programming my weakness is sadly “Authentication” which is why I really need someone who understands this to please clear things up for me.
Authentication is a very important part of an application as it holds sensitive user information such as email and password so security is obviously important.
I completely understood this course but now my question is,
1. Is the way Dave taught this course a secure approach to building the security side of the application if you do NOT need to login with Facebook or some other social network that uses OAuth? My application logs users in with just an “Email Address” that they enter and a “Password”. So is what Dave taught enough for security???
2. Is there a more secure/better approach to the Authentication process that Dave taught? I’m not saying that there is any problem with the style of authentication that he has presented, I’m just worried about hackers grabbing my users’ Email Address and Password, because a lot of people tend to use the same email and password as their actual email address like gmail or yahoo, leaving those emails exposed as well if a hacker gets a hold of both their email and password through my app.
3. From my understanding there’s a node module that’s called “PassportJs” that helps with authentication. Is that any different than what Dave has taught in the sense of security? Is it better to use? I did a little bit of reading on Passport and understand that it uses an authentication token called a JOT but really do not understand how that works at all. Is there a benefit to using this?
I really felt like understanding the authentication process that Dave has taught was easy to learn and grasp which was great. I just want to make sure that my users can safely use my app without any worry of hackers. If someone could please clear this up for me and point me into the right direction I would greatly appreciate it!
Thank you so much!
Dave McFarland