Seeking Ideas for Enhancing User Authentication Flow

[Hamed-Hasan]

Hello Community!

I’m currently refining the user authentication process in our Flutter-Node AI Blog Application and I’m looking for some feedback and ideas.

Current Implementation:
Our current setup includes JWT for sessions, with a Node.js backend managing the tokens. While this works well for maintaining stateless interactions, I’m exploring ways to improve security and the overall user experience.

Some areas I’m considering:

1. Implementing two-factor authentication (2FA) for an added layer of security.
2. Integrating OAuth to allow users to sign in with external accounts like Google or GitHub.
3. Enhancing password policies to ensure strong user credentials.

I would love to hear your experiences or suggestions on these topics, or any other innovative authentication methods you think could benefit the project.

Questions to ponder:

• Have you implemented 2FA in your projects? If so, what tools or services did you use?
• Are there particular OAuth providers you’ve found to be more reliable or user-friendly?
• What best practices do you follow for creating and enforcing strong password policies?

Thank you in advance for your insights and advice. I’m looking forward to our discussion!

Best,
Hamed Hasan

[HamedHasan70]

Hello,

initiative on enhancing the authentication system! I have implemented 2FA using Authy's API, which I found to be very reliable. It offers a good balance of security and user-friendliness. For OAuth, Google's OAuth 2.0 implementation has been my go-to because of its extensive documentation and broad user base. Regarding password policies, I enforce a combination of minimum length, symbols, numbers, and both upper and lower case letters. Additionally, I regularly remind users to update their passwords and never use sequential or repetitive characters.