gustafl
commented
6 years ago Consider starting with Basic Authentication and HTTPS using cert from LetsEncrypt. https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication https://www.npmjs.com/package/greenlock https://git.coolaj86.com/coolaj86/greenlock-express.js
Hash and salt appears to be the way to go. I need to read up on how to do it properly. The site needs its own login method, apart from others (Google, Facebook etc.) we want to support.
https://crackstation.net/hashing-security.htm https://ciphertrick.com/2016/01/18/salt-hash-passwords-using-nodejs-crypto/ https://github.com/jedisct1/libsodium