Hashing Passwords in Node and Express using bcrypt
- Published 8 Jul 2024
- Learn how to correctly hash and store your passwords for any web app using node.js and express. The only things you need to take away from the video are:
1. Don't store passwords in plain text
2. Hash your passwords using bcrypt
Chapters:
0:00 Intro
0:30 Hashing with bcrypt
2:30 Other Hashing Algorithms
4:30 Salt
6:30 bcrypt cost factor
9:03 Comparing Passwords
10:28 Express App
16:43 Summary
🔗Moar Links
My Website: www.sammeechward.com
Instagram: / meech_ward
Github: github.com/orgs/Sam-Meech-Ward
I love the little co-pilot interactions lol
I'm amazed how fast you spin up these little express applications to illustrate your point
Thought I already had a good understanding of this theme, however this review uncovers aspects I wasn't aware of. Thanks Sam.
You're a wonderful teacher. Appreciate the video.
You're an excellent teacher.
Very good video. Simple, to the point without a bunch of clutter, very easy to understand. Thank you.
Really good introduction to bcrypt.
Great Video, great teaching style
Thank you, that was such a great short introduction, albeit knowledgeful.
Much appreciated! Your video helped me a lot. Great teaching method 👍
Thank you so much! Super helpful beginner friendly guide.
Thanks for the helpful video !! helped a lot !!
Very clear and smart
awesome video. thanks dude!
definitely liked this video 👏
This was awesome! Thank you!
You're so welcome!
awesome video thanks!
this video made me understand res and req holy cow
Great video, thanks!!!
Great video, thanks! ;)
thanks everything was so clear to understand
I can't use await on my bcrypt.compare function, it's already inside an async function, can I get some help
I'm not using JS but this was an excellent tutorial. I'm most curious about the postman add on for vs code.
thank you !!
Awesome video
u explained it very well, do you have courses ?
how can you push on const user? don't u have to use let user
which one is better between bcrypt and argon2 ?
I'm curious, without knowing exactly how the hashing algo does its thing, couldn't I just make up my own algo where a = 5236, b = 5267, c = 4523, so on and so forth, assigning each allowable character a value, then taking those values and do several other things with the result to make the process consistently repeatable so I can compare the result of my "hashing algo" with the original password, instead of using a publicly available tool like bcrypt? What would be the downside to this?
which tool using in vs code to pull request ?
I am your biggest fan Christ Martin from Coldplay! omg
Is this bcrypt still secure these days and standard in storing passwords?
I saw you showed some docs saying use bcrypt as second only against argon2id something
Argon2 is the new recommended hashing algorithm. It's more secure than bcrypt.
To use an await function with no async function es bien !!
good job. Please how can i do this in php mysql
Outrageous - VLDL Benjamin
What software / app is that? Visual studio code?
is it safe to send the password in the request as plain text? couldn't an unsecured wifi network easily intercept the call and steal the password?
not if you're running a https network
Good
Btw is it bad to encrypt username as well? is it bad practice/even more complex?
usernames aren't generally sensitive information, we display them publicly, so encryption isn't necessary and just takes more time. If you encrypt a username, you always need to decrypt it to use it. If you store it in a database, it makes looking up some data by a username way more difficult.
Also, keep in mind, that bcrypt is hashing, not encrypting. If you hash a username, you'll never be able to get that username back, so never do that.
@SamMeechWard thank you and that makes sense. And also thank you for uploading content regarding AWS S3 and other services, you don’t understand how helpful they are. Is there any other way of contacting you?
@asaphhere Thank you. You can join my discord server if you like discord.gg/XQJ5bmjKHk
It should be > npm i bcryptjs
Should you not hash the password before you post it?
@ 1:26 you are awaiting in a top level script / module without using an async IIFE... I thought that is not possible ?
It’s fine if you’re using es modules
Thanks! Yes, I noticed this didn't work when using require() @SamMeechWard
what the hell is going on ?? how can you use await without async???/
not working for me
I only like hash if it’s got potato in it. 🥔
Just don’t forget to add salt ;)
He's handsome i can't focus sos 🥲