If we want to make the web better for people then the most important thing that we can do is to learn the basics. Not of technology, but of our fellow humans. Because, as we’ve shown earlier, empathy is the most important skill that a developer can have. Our job is 100% about people, about our fellow humans. How can we do an amazing job for them if we don’t understand who we are building for?
In order to authenticate users, web applications often store user passwords. This can be tricky, because password storage mechanisms are a watering hole for bad advice: there are several solutions to this problem but very few are truly secure. If you store the passwords of your users, your goal should be that, in the event of a data compromise, those passwords remain safe. The best way to store users' passwords is to use a password-based key derivation function (PBKDF) with a sufficient work factor. If your application does not leverage a PBKDF, you should migrate your password storage scheme immediately. More on this later.
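As an added example (not code from the original page), the following shows what "a PBKDF with a sufficient work factor" looks like in practice, and how the migration mentioned above can be done at login time: records are stored with their salt and iteration count so the work factor can be raised later, verification is constant-time, and a legacy unsalted SHA-256 hash (a constructed stand-in for whatever weak scheme is being replaced) is upgraded the first time the user logs in. The iteration count and the `legacy_sha256` scheme are assumptions for this example.

```python
import hashlib
import hmac
import os

# Work factor for PBKDF2-HMAC-SHA256: tune it so one derivation costs a noticeable
# fraction of a second on your servers, and raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000

def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Derive a key with a fresh random salt; the record is self-describing
    (scheme$iterations$salt$key, hex) so the work factor can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored parameters and compare in constant time."""
    try:
        scheme, iterations, salt_hex, dk_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(dk_hex)
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    except ValueError:
        return False  # malformed record: never fall back to a plain comparison
    return hmac.compare_digest(dk, expected)

def needs_rehash(record: str) -> bool:
    """True when the record is not PBKDF2 or its work factor is below current policy."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[1].isdigit():
        return True
    return int(parts[1]) < PBKDF2_ITERATIONS

def legacy_sha256(password: str) -> str:
    """The unsalted SHA-256 scheme being migrated away from (constructed for this example)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def authenticate_and_migrate(password: str, record: str) -> tuple[bool, str]:
    """Verify against whichever scheme the record uses; on success, return an
    upgraded PBKDF2 record when the stored one is below policy (the caller persists
    it). Legacy hashes can only be upgraded at login, when the plaintext is present."""
    if record.startswith("pbkdf2_sha256$"):
        ok = verify_password(password, record)
    else:
        ok = hmac.compare_digest(legacy_sha256(password).encode(), record.encode())
    if ok and needs_rehash(record):
        return True, hash_password(password)
    return ok, record
```

Because PBKDF2 output is keyed by the salt, two users with the same password get different records, and a leaked table cannot be attacked with a single precomputed lookup.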
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and DigitalOcean. It works by delegating user authentication to the service that hosts the user acc