Security Tips for Early Stage Startups and Side Projects
Often, security is an afterthought for early-stage startups and side projects. A founder or builder may not think they need to secure their users, especially when they don’t have many users in the first place. In many cases security isn’t properly addressed until the product has already scaled.
What are some implementation tips?
Here are a set of tips that can be used in the early stage of building:
Use managed solutions that have security built in. If you’re using Firebase for your database, make sure you implement security rules.
Don’t build your own login or signup unless you absolutely need to. There are plenty of open source as well as managed free solutions for authentication and authorization. For example, Keycloak provides a full access management platform in addition to login/signup. Other options like Firebase auth or AWS Cognito are also very popular.
If you absolutely have to build a custom login solution, make sure you are properly hashing and salting your passwords. A weak hashing algorithm like MD5 can be easily cracked via rainbow tables; use an industry-standard password hashing algorithm with a per-user salt instead.
Provide users with the option to enable 2 Step Verification. There are plenty of open source solutions to set up 2 Step Verification that work off the shelf.
Store auth tokens in cookies with the HttpOnly and Secure flags set, so that injected scripts cannot read them and they are only ever sent over HTTPS.
Build Security First Apps and Products
Don’t let security be an afterthought: build apps that are secure from the beginning! Your users will thank you!