Hashing Passwords | Node Authentication Tutorial – Part 3

Released on May 23rd 2017
Length: 08:33

Learn the basics behind hashing users' passwords and why it is so very important to do this within any password related app. When it comes to securing your users' passwords, it's integral, no, absolutely necessary to hash your users' passwords before storing them in a database. Hashing is the process of scrambling up a user's password into a long string of characters that's undecipherable. The interesting thing about hashing: once you put the password in the hasher, there's no way to convert it back to its original form (at least from a mathematical standpoint). This helps ensure that your users' passwords are unreadable in the off chance someone happens to stumble upon the data in your database. Code along with me as I demonstrate how to implement hashing functionality into our user based node app. bcrypt npm link: https://www.npmjs.com/package/bcrypt Video Git Repo (starts at part 1): ------------------------------------------------ https://github.com/christopher4lis/express-cc Node Authentication Process: ------------------------------------------ // Add our boilerplate // 1.x Git clone express-cc repo // 2.x Run yarn / npm install // Create a new user in the database // 1.x Create a form within a view // 2.x Create route that'll process the form's post request // 3.x Create a database connection using .env file // 4.x Grab form input and insert into database // 5.x Add express-validation package // 6.x Validate user input on backend // 7.x Validate user input on frontend // 8.x Hash our user's password // 9.x Store user in database // Login user (update user session, return auth cookie) // 1. Install passport // 2. Configure passport with local strategy // Protect routes and only permit entry with authorization cookie // Create logout button // Create login page Video Timeline: ----------------------------- 00:50 - Why storing passwords in plain text is bad 01:36 - What is hashing? 02:35 - How to hash our users' passwords 03:05 - What is bcrypt? 06:01 - What is a salt? 07:08 - Testing out our hashing implementation To be continued... The Platform: ------------------------- http://chriscourses.com is a platform in progress whose goal is to educate aspiring and seasoned web developers via story driven learning. Each course tells a different story, and each milestone reveals a different scene. With an expansive universe to explore, you can track your progress, and gain the necessary skills needed to build your dreams. For updates on the progress of chriscourses.com and future videos, join the Chris Courses mailing list at http://chriscourses.com. Chris Courses Social: ----------------------------------- Twitter: https://twitter.com/chriscourses Facebook: https://www.facebook.com/chriscourses Christopher Lis Social: ------------------------------------- Twitter: https://twitter.com/christopher4lis CodePen: http://codepen.io/christopher4lis