Patterns for Password Authentication You Should Follow | by Stefan Pfaffel | Mar, 2022

paint falling on a white umbrella
Photograph by Divya Agrawal on Unsplash
  • decrease case characters
  • uppercase characters
  • at the very least one digit
  • at the very least one particular character
seven characters — .29 milliseconds 8 character — 5 hours 9 characters -5 days 10 characters — 4 months 11 characters — 1 decade 12 characters — 12 centuries
Picture from Estimating Password Cracking Times (
const bcrypt = require('bcrypt');
const saltRounds = 10;
const myPlaintextPassword = 's0//P4$$w0rD';
bcrypt.hash(myPlaintextPassword, saltRounds, operate(err, hash)
// Retailer hash in your password DB.
import;BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();  String consequence = encoder.encode("password");
  • Discover registered customers/e mail addresses
  • Crask a person’s passwords to realize entry to their knowledge
Invalid username or password message discovered on npm | Sign In (
  • Cut back the lifetime of the reset hyperlink to at least one hour, for instance.
  • Be sure that the reset hyperlink has no identifiable data to permit an attacker to guess reset hyperlinks of different customers.
  • Invalidate all lively periods of the person that requested the password request.
  • Guarantee customers can solely use the reset hyperlink as soon as.

More Posts