Man you know what's awesome? When you've been studying web dev for a few months and you're familiar with 90% of what was done here :) Awesome talk, thanks!
This is a great beginner guide for really basic authentication. I was hoping this would be a talk about different types of authentication. I guess I should have read the video description. I know I'm 5 years late to the party but maybe somebody else will see my comment and spare themselves a half an hour. (not trying to knock the guy, just the title was misleading and not what I was looking for)
Hey! Hello I'm a beginner in all this and I'm very interested and in this topic, do you have recommendations about what sources (books, videos, free courses) can I use to learn more about authentication?
Really good explanation, many thanks. Couple of points though (1) Passwords should be "salted" prior to hashing (2) SSL is now deprecated, TLS should be used
I think the time was too strict to speak about it. but bcrypt by default uses salts. $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy \__/\/ \____________________/\_____________________________/ Alg Cost Salt Hash
Loved the talk and the presentation. Unfortunate that they cut the time in half. Would've loved to hear more about new auth techniques like auth2.0, open id, authentication with serverless architechtures and JAM stack. Honestly I don't know much about them either, still learning.
Sir, you are requested to make some video that elaborates API / web-sockets oAuth and related stuff. i dnt have a programming background, but your video made much of the things easier then easy. :-)
I have a question, can somebody help me? In 2:47 he says that for the sake of simplicity for this video he was going to put all the login of the app inside server.js file *but*, he says that we should never do that in the real word. My question is, then what should we do? separate files in modules in JS? or something like that? Sorry if I said something stupid but I'm just starting on this... thank you
Same thing I was thinking. The session cookie seems to be the user._id and if this bit of info is leaked to the public, then it's easy to mimic a session of another user just by setting the cookie manually. This is how I saw it. I may be missing something.
7 minutes in and authentication has not even started i've seen 100 seconds videous about modern authentification methods that cover more info that this one
this isn't anything you wanted to know about authentication, but is a decent tutorial on node servers, which is kind of the opposite, plus oral potty fixation