PRO TIP: Always save the user password client side, validate it there and send a boolean to the server. It reduces backend load times and unnecessary calculations/computations.

@topsecret230 if the backend encounters an error, just return the web app/page using admin access so the client has an easier time troubleshooting the problem

Also store the password in clear text so that you can tell the user exactly which letter is wrong. That improves UX drastically.

Why bother storing the password at all? Just accept anything .. but first, generate a random number and check if n % 5 == true. That way it will fail sometimes. You should make it look like you're doing something, while also confusing people with password managers.

Why bother storing the password at all? Just accept anything .. but first, generate a random number and check if n % 5 == true. That way it will fail sometimes. You should make it look like you're doing something, while also confusing people with password managers.

Don't forget to show what the user is typing underneath the password input by default (looking at you amazon on mobile)

You got that joke from linkedin

What is serious a joke is that we store passwords all in a browser these days, a place where everyone knows where your credentials are. One wrong npm package, and you're gone.

The default security of 90% of people is a joke.

We should cancel the password by now. Just your username. Customer friendly.

pff, you store the password? I just throw it away, I only store the length, then only check the size of the password and the username client side.

But I always add a null filled row called password, that way if the password gets leaked by hackers they will be confused and give up

That's a great idea. We could probably get rid of the ever growing users table and reduce the IAM server capacity to 1 or even 0 (the GW could decipher the boolean frol the client)

You guys use passwords?

And if your website needs a CAPTCHA for compliance reasons, add in a button to allow the user to order ChatGPT to pass the "are you a human?" test for them.

🤔To be fair with message signing you could actually make something like this work securely (the challenge can't be the password/secret hash of course but a derived message). Generating the challenge and verifying the response is likely heavier but it does prevent sending the secret/password.

Of course the real benefit of this is that we get to prove everyone wrong and that you can have a "signed boolean" and am "unsigned boolean".