I am making an app that needs accounts, but I find all of the account management frameworks for Node.js to be too complicated. Would it be a bad idea to store user info in a regular collection? How could I do this to maximize security (i.e., encryption)? What would you recommend as a strategy for this user management?
1 Answer
No, never save passwords, hash and save the hash. The only safe solution is to never ever save passwords on the server.
The hash function should be similar to PBKDF2, a salted-hashed-iterated function that is a time-consuming one-way function.
Also two-factor authentication on the server is necessary.

zaph
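The salted, iterated hashing the answer describes, written with Node's built-in `crypto` module. This is an added example, not code from the original answer; the function names, the `$`-separated record format and the iteration count are assumptions chosen for illustration.

```javascript
// Added example: PBKDF2 password storage using only Node's built-in crypto module.
const crypto = require('node:crypto');

// Assumed parameters (not from the original answer); tune ITERATIONS to your hardware.
const ITERATIONS = 600000;
const KEY_LEN = 32;
const DIGEST = 'sha256';

// Returns a self-describing record: pbkdf2$digest$iterations$salt$hash.
// Only this string is stored in the user document, never the password.
function hashPassword(password, iterations = ITERATIONS) {
  const salt = crypto.randomBytes(16); // fresh random salt for every password
  const hash = crypto.pbkdf2Sync(password, salt, iterations, KEY_LEN, DIGEST);
  return ['pbkdf2', DIGEST, iterations,
    salt.toString('base64'), hash.toString('base64')].join('$');
}

// Recomputes the hash with the stored salt and iteration count,
// then compares in constant time. Malformed records never verify.
function verifyPassword(password, record) {
  const parts = String(record).split('$');
  if (parts.length !== 5 || parts[0] !== 'pbkdf2') return false;
  const [, digest, iterStr, saltB64, hashB64] = parts;
  const iterations = Number(iterStr);
  if (digest !== DIGEST || !Number.isInteger(iterations) || iterations < 1) return false;
  const expected = Buffer.from(hashB64, 'base64');
  if (expected.length !== KEY_LEN) return false; // timingSafeEqual needs equal lengths
  const actual = crypto.pbkdf2Sync(
    password, Buffer.from(saltB64, 'base64'), iterations, KEY_LEN, DIGEST);
  return crypto.timingSafeEqual(actual, expected);
}

// True when a record was created with fewer iterations than the current
// setting, so it can be re-hashed after the next successful login.
function needsRehash(record) {
  return Number(String(record).split('$')[2]) < ITERATIONS;
}
```

Because the salt and iteration count travel with each record, the work factor can be raised later without invalidating existing accounts.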