Hashing Passwords in Node and Express using bcrypt
HTML-код
- Опубликовано: 30 июн 2024
- Learn how to correctly hash and store your passwords for any web app using node.js and express. The only things you need to take away from the video are:
1. Don't store passwords in plain text
2. Hash your passwords using bcrypt
Chapters:
0:00 Intro
0:30 Hashing with bcrypt
2:30 Other Hashing Algorithms
4:30 Salt
6:30 bcrypt cost factor
9:03 Comparing Passwords
10:28 Express App
16:43 Summary
🔗Moar Links
My Website: www.sammeechward.com
Instagram: / meech_ward
Github: github.com/orgs/Sam-Meech-Ward Наука
Thought I already had a good understanding of this theme, however this review uncovers aspects I wasn't aware of. Thanks Sam.
I'm amazed how fast you spin up these little express applications to illustrate your point
I love the little co-pilot interactions lol
You're a wonderful teacher. Appreciate the video.
Very good video. Simple, to the point without a bunch of clutter, very easy to understand. Thank you.
Thank you, that was such a great short introduction, albeit knowledgeful.
Much appreciated! Your video helped me alot. Great teaching method 👍
Thank you so much! Super helpful beginner friendly guide.
Really good introduction to bcrypt.
Great Video, great teaching style
Your're an excellent teacher.
Thanks for the helpful video !! helped a lot !!
awesome video. thanks dude!
This was awesome! Thank you!
You're so welcome!
Great video, thanks!!!
definetly liked this video 👏
I'm not using JS but this was an excellent tutorial. I'm most curious about the postman add on for vs code.
awesome video thanks!
Very clear and smart
Great video, thanks! ;)
this video made me understand res and req holy cow
thanks everything was so celar to understand
Awesome video
thank you !!
u explained it very well, do you have courses ?
Is this bcrypt still secure these days and standard in storing passwords?
I saw you showed some docs saying use bcrypt as second only against argon2id something
Outrageous - VLDL Benjamin
I am your biggest fan Christ Martin from Coldplay! omg
I cant use await on my bcrypt.compare function, itd already inside an async function, can i get some help
Good
I'm curious, without knowing exactly how the hashing algo does its thing, couldn't I just make up my own algo where a = 5236, b = 5267, c = 4523, so on and so forth, assigning each allowable character a value, then taking those values and do several other things with the result to make the process consistently repeatable so I can compare the result of my "hashing algo" with the original password, instead of using a publicly available tool like bcrypt? What would be the downside to this?
Argon2 is the new recommended hashing algorithm. It's more secure than bcrypt.
which one is better between bcrypt and argon2 ?
What software / app is that? Visual studio code?
To use an await function with no async function es bien !!
is it safe to send the password in the request as plain text? couldn't an unsecured wifi network easily intercept the call and steal the password?
not if you're running a https network
which tool using in vs code to pull request ?
how can you push on const user?. dont u have to use let user
good job. Please how can i do this in php mysql
Btw is it bad to encrypt username as well? is it bad practice/even more complex?
usernames aren't generally sensitive information, we display them publicly, so encryption isn't necessary and just takes more time. If you encrypt a username, you always need to decrypt it to use it. If you store it in a database, it makes looking up some data by a username way more difficult.
Also, keep in mind, that bcrypt is hashing, not encrypting. If you hash a username, you'll never be able to get that username back, so never do that.
@@SamMeechWard thank you and that makes sense. And also thank you for uploading content regarding AWS S3 and other services, you don’t understand how helpful they are. Is there any other way of contacting you?
@@asaphhere Thank you. You can join my discord server if you like discord.gg/XQJ5bmjKHk
Should you not hash the password before you post it?
It should b > npm i bcryptjs
@ 1:26 you are awaiting in a top level script / module without using an async IIFE... I thought that is not possible ?
It’s fine if you’re using es modules
Thanks ! Yes, I noticed this didn't work when using require() @@SamMeechWard
not working for me
I only like hash if it’s got potato in it. 🥔
Just don’t forget to add salt ;)
what the hell is going on ?? how can you use await without async???/
He's handsome i can't focus sos 🥲