DEV Community

Discussion on: How to Process Passwords as a Software Developer

Mike Kelly

Good suggestions. But the best is, there is no need to do this yourself. Use Auth0, AAD, AWS Cognito, ... Lots of good Auth as a Service options that allow you to not worry about this. As MFA continues to evolve (are YOU going to write FIDO2 support code?) it makes sense to leverage a service for this.

Nathilia Pierce • Edited

Thank you. Unfortunately, someone has to do it. I'm certainly not recommending every software developer to go out there and implement their own authentication system.

And at the very least, software developers should know how to do it properly / understand how it works and should be, even if they don't implement it themselves.

While people keep suggesting to go use an existing service to solve their authentication problems, what if the developers maintaining the existing services don't implement things correctly?

And using existing services is not always ideal.

Everyone makes mistakes, even the experts.

James Nylen

The downside is these are often a nightmare to debug when something goes wrong. Auth0, I'm looking at you here.

Sandrino Di Mattia

Off-topic: James, sorry to hear about your challenges when it comes to debugging in Auth0. If you have any specific feedback on what we can improve or details about the challenges you faced, feel free to shoot over an email to sandrino at auth0.com