Man you know what's awesome? When you've been studying web dev for a few months and you're familiar with 90% of what was done here :) Awesome talk, thanks!
This is a great beginner guide for really basic authentication. I was hoping this would be a talk about different types of authentication. I guess I should have read the video description. I know I'm 5 years late to the party but maybe somebody else will see my comment and spare themselves a half an hour. (not trying to knock the guy, just the title was misleading and not what I was looking for)
Hey! Hello I'm a beginner in all this and I'm very interested and in this topic, do you have recommendations about what sources (books, videos, free courses) can I use to learn more about authentication?
Really good explanation, many thanks. Couple of points though (1) Passwords should be "salted" prior to hashing (2) SSL is now deprecated, TLS should be used
I think the time was too strict to speak about it. but bcrypt by default uses salts. $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy \__/\/ \____________________/\_____________________________/ Alg Cost Salt Hash
Loved the talk and the presentation. Unfortunate that they cut the time in half. Would've loved to hear more about new auth techniques like auth2.0, open id, authentication with serverless architechtures and JAM stack. Honestly I don't know much about them either, still learning.
Sir, you are requested to make some video that elaborates API / web-sockets oAuth and related stuff. i dnt have a programming background, but your video made much of the things easier then easy. :-)
Same thing I was thinking. The session cookie seems to be the user._id and if this bit of info is leaked to the public, then it's easy to mimic a session of another user just by setting the cookie manually. This is how I saw it. I may be missing something.
7 minutes in and authentication has not even started i've seen 100 seconds videous about modern authentification methods that cover more info that this one
this isn't anything you wanted to know about authentication, but is a decent tutorial on node servers, which is kind of the opposite, plus oral potty fixation
I have a question, can somebody help me? In 2:47 he says that for the sake of simplicity for this video he was going to put all the login of the app inside server.js file *but*, he says that we should never do that in the real word. My question is, then what should we do? separate files in modules in JS? or something like that? Sorry if I said something stupid but I'm just starting on this... thank you
Man you know what's awesome? When you've been studying web dev for a few months and you're familiar with 90% of what was done here :) Awesome talk, thanks!
The deeper you go and the experienced you become, the faster this feeling will fade away. You are welcome.
you are right same feeling here.!!
@@runyalen dunning Kruger is a hell of a drug
Great talk by a bodybuilder..
developers should take care of their health more than others. because they sit all day night
he just did 1 push-up when he got an error
SO MUCH COVERED IN 30 MINS!!!!! AWESOME EXPLANATION!!!!!!
The best talk on authentication, and i needed this for nodejs. This is perfect!
I love this guy 😂 I love the language and how he sees things. You can say he really understand what he’s talking about from first second.
This is a great beginner guide for really basic authentication. I was hoping this would be a talk about different types of authentication. I guess I should have read the video description. I know I'm 5 years late to the party but maybe somebody else will see my comment and spare themselves a half an hour. (not trying to knock the guy, just the title was misleading and not what I was looking for)
Hey! Hello
I'm a beginner in all this and I'm very interested and in this topic, do you have recommendations about what sources (books, videos, free courses) can I use to learn more about authentication?
One of the best technical talk I have ever watched.
Give this dude an hour next time :) Great talk!
Really good explanation, many thanks. Couple of points though
(1) Passwords should be "salted" prior to hashing
(2) SSL is now deprecated, TLS should be used
I think the time was too strict to speak about it. but bcrypt by default uses salts. $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
\__/\/ \____________________/\_____________________________/
Alg Cost Salt Hash
🙌
Thank you
bcrypt automatically generates a random salt and salts the password before hashing
This man is a legend , his video is 100% useful and straightforward
Thank you so much for this
Loved the talk and the presentation. Unfortunate that they cut the time in half. Would've loved to hear more about new auth techniques like auth2.0, open id, authentication with serverless architechtures and JAM stack. Honestly I don't know much about them either, still learning.
This was very insightful. I had to rewatch the last half just to solidify the concepts.
Thanks.
Damm that might be one of the best presentation I have seen in a while
Amazing talk, covered important concepts in a short time.
I saw the Talk from 2015 and this looks the same but the 2015 talk was so good , I am gonna watch this one
He was very efficient with his time slot! Great talk
Sir, you are requested to make some video that elaborates API / web-sockets oAuth and related stuff. i dnt have a programming background, but your video made much of the things easier then easy. :-)
Very clean and easy to follow overview!
Thanks for watching!
This is the best tutorial for web authentication. Thanks Twillio
dude stop developing and go with the education bussiness. you are king. very very explanatory. thank you very much.
I got Goosebumps. Awesome talk.
This guy is amazing, learned so much.
Amazing talk for so many reasons. JWTs are still popular as the next shiny toy and 6 years later only 8,000 views.
So glad CSRF was included.
He is talented and verbose. Thanks man
This sharing is awesome, shared the basic concept of authentication in really short time.
Unbelievable quality of the material. Biiiiiiig LIKE!
Good 🌹 morning Sir and to ALL thanks for the business updated God bless to ALL 💕❤️👍✔️👌🥇☺️ the times 💕❤️👍✔️
Awesome video.. and even i would defenitly wanted more info about the Salts in bcrypt.
Great security tips by a bodybuilder!
Lots of things are packed together to form a nice presentation. Just like a body builder lol
beautiful! [this comes from the men that don't use exclamation marks lightly].
Absolutely perfect explanations!
wow! loved the talk
top web dev video all time!
Does these guy has a youtube channel?? how can we follow him ?? these video was awesome! and i want to learn more
This is mana from heaven
Clear Explanation... Thank you so much...
at 15:32 shouldn't it be checking for a session token or something not the user_id?
Same thing I was thinking. The session cookie seems to be the user._id and if this bit of info is leaked to the public, then it's easy to mimic a session of another user just by setting the cookie manually.
This is how I saw it. I may be missing something.
@@haopeiyang3443 I guess, to avoid this, the "httpOnly"-flag is used
It is checking for the req.session.userId because that is set on the server after a successful login (14:44). This is not coming from the client.
Learned so much in 30mins!
Let's actually implement that sh*t 😂
Bravo! This guy is a BEAST
You have done gr8 job bro.
7 minutes in and authentication has not even started
i've seen 100 seconds videous about modern authentification methods that cover more info that this one
Great talk, thanks!!!
Hey, look! I only have 30 mins and thats why I’ll spend half of the time describing the toolset
right..lol
Great talk!!!
Omg, I finally get it! Thanks a ton!!
Interesting talk.
i wish if he has a full course
Kudos for keeping it short.
Wouldn't you be able to add the req.user field manually with something like postman and trick the server into thinking you are a user?
Thanks Rambo Guy!
very useful
thank you!
Perfect!
this isn't anything you wanted to know about authentication, but is a decent tutorial on node servers, which is kind of the opposite, plus oral potty fixation
very helpful session!
I did the same and it took me 5-6hrs configuring passport.js and then i came here
That password would have been way more secure if he would have added a second '!'.
I have a question, can somebody help me?
In 2:47 he says that for the sake of simplicity for this video he was going to put all the login of the app inside server.js file *but*, he says that we should never do that in the real word.
My question is, then what should we do? separate files in modules in JS? or something like that?
Sorry if I said something stupid but I'm just starting on this... thank you
You are the best! Thank you
great talk but salting is very important too
what if you have more than one server? Will the authentication still work?
Is he researching authentication? I think he is preparing to beat me ;)
6:27 how can I visualize this JSON?
how about basic authentication?
Amazing talk!
This guy rocks!
you should get 1hr. awesome talk bro
Miss leading title. Authentication and Web Authentication are 2 different things.
Name of the guy ?
thanks dude!! that's legit!!
That was awesome!
Thank you!
What a great content.
brooooooo thank you so much
Awesome!
he is a chad in developer community
amazing stuff
Awesome...
checking data replication strategy for youtube
great
good
Gold
Perfect 👌🏽
Thankg u
be my boss
perfect
Here is the 50 minutes version
ua-cam.com/video/i7of02icPyQ/v-deo.html
7:05 if u know u know
♥️♥️♥️
what a chad
More Thanks for your help! We received your information, GOD BLESS, SIR!
ISAIAH 41:2,7,25 GOLDSMITH
Nice joke about Canadian police :D
the yahoo joke is pretty lame
This guy needs a more professional vocabulary.
I don't like it when they start dropping F bombs in a professional talk. You are not chillin with your buddies. Be professional.
I thought it was a bit awkward as well, but the rest of the talk was fantastic.
Oh shut up you snowflakes...
eh most programmers I know swear. I didnt even notice he was swearing