JSFoo Pune 2019

JSFoo is a JavaScript conference hosted by HasGeek.


How Not to Do Authentication in Node.js

Submitted by Shreyansh Pandey (@weirdpanda) on Sunday, 30 September 2018

Technical level: Intermediate Status: Rejected


Google the term “authentication in node.js” and you will be greated with thousands of tutorials on how to create a database table with the fields and verify the hash; that’s it. The problem is that security and authentication is not that simple; it can be easy, but you need to work a little for that. In this talk, we will go over some bad methods of authentication and then we’ll look at the good ones followed by a live coding session to show how easy it is to implement this in real life. The talk assumes that the audience does not hold a bachelor’s in applied mathematics just; if you do, it’ll be even better.



  • What? Why? How?
  • Bad ways

Effects of the bad ways

  • Common misconceptions about authentication and, in general, cryptography

Introduction to Modern Ways of Credential Storage

  • bcrypt, SHA-*
  • Problems with these methods

(Probable) Solutions:

  • NIST standards
  • PBKDF, etc.

Actual Solution

  • Dream crusher
  • Common mistakes
  • Easy, yet reliable methods


  • Bad solution (with JWT)
  • Average solution
  • Good solution



A laptop with the Node.js environment, a text editor and some zeal!

Speaker bio

A 19-year old programmer, amateur mathematician and a student from India. In the past 9 years I have honed my skills in Node.js, ReactJS, AWS and NoSQL databases with competitive experience in PHP and .NET (Windows Forms). My primary areas of interest are secure data channels, asymmetric cryptography, group theory and number theory with a pinch of applied geometry. Currently working as a backend developer at Isomr Studios Private Limited in India.




  •   Zainab Bawa (@zainabbawa) a year ago

    Hello Shreyansh, your email address does not work. I have moved your submission here, since this is the next edition of JSFoo after the Bangalore edition. Do you ok to your proposal being considered here?

Login with Twitter or Google to leave a comment