JSFoo Pune 2019

JSFoo Pune 2019

JSFoo is a JavaScript conference hosted by HasGeek.

Shreyansh Pandey


How Not to Do Authentication in Node.js

Submitted Sep 30, 2018

Google the term “authentication in node.js” and you will be greated with thousands of tutorials on how to create a database table with the fields and verify the hash; that’s it. The problem is that security and authentication is not that simple; it can be easy, but you need to work a little for that. In this talk, we will go over some bad methods of authentication and then we’ll look at the good ones followed by a live coding session to show how easy it is to implement this in real life. The talk assumes that the audience does not hold a bachelor’s in applied mathematics just; if you do, it’ll be even better.



  • What? Why? How?
  • Bad ways

Effects of the bad ways

  • Common misconceptions about authentication and, in general, cryptography

Introduction to Modern Ways of Credential Storage

  • bcrypt, SHA-*
  • Problems with these methods

(Probable) Solutions:

  • NIST standards
  • PBKDF, etc.

Actual Solution

  • Dream crusher
  • Common mistakes
  • Easy, yet reliable methods


  • Bad solution (with JWT)
  • Average solution
  • Good solution



A laptop with the Node.js environment, a text editor and some zeal!

Speaker bio

A 19-year old programmer, amateur mathematician and a student from India. In the past 9 years I have honed my skills in Node.js, ReactJS, AWS and NoSQL databases with competitive experience in PHP and .NET (Windows Forms). My primary areas of interest are secure data channels, asymmetric cryptography, group theory and number theory with a pinch of applied geometry. Currently working as a backend developer at Isomr Studios Private Limited in India.




{{ gettext('Login to leave a comment') }}

{{ gettext('Post a comment…') }}
{{ gettext('New comment') }}
{{ formTitle }}

{{ errorMsg }}

{{ gettext('No comments posted yet') }}

Hosted by

JSFoo is a forum for discussing UI engineering; fullstack development; web applications engineering, performance, security and design; accessibility; and latest developments in #JavaScript. Follow JSFoo on Twitter more