Improve Password Security: fixes #5

jeremybradbury / express4-https-bearer-token-mysql-api

Express 4.x HTTPS API app using Passport Bearer tokens with a MySQL backend.

The Unlicense

1 stars 0 forks source link

Closed jeremybradbury closed 7 years ago

jeremybradbury commented 7 years ago

users can no longer chose a passwords... they are generated XKCD style (>44 bits of entropy)
added nodemailer to email said passwords
removed MD5 password hashing
added BCrypt password hashing
added a password reset that requires no token