DEV Community

Discussion on: Authentication in NodeJS With Express and Mongo - CodeLab #1

Roman Voloboev

Thank you for the article!

It is better to have one error message User not exists or Incorrect password instead of two different ones, because of security.

I suggest you add login brute-force protection with the rate-limiter-flexible package. You can read more here.
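
Both suggestions from the comment above, as an added example that is not part of the original discussion or the article's code: a login check that returns one generic error for an unknown user and for a wrong password, and blocks an email+IP pair after repeated failures. The in-memory counter is a simplified stand-in for what the rate-limiter-flexible package provides, not its API; the function name, message text, limits and sample user are assumptions.

```javascript
const crypto = require('node:crypto');

const hash = (pw, salt) => crypto.scryptSync(pw, salt, 32);

// Constructed sample user store, standing in for the Mongo collection.
const salt = crypto.randomBytes(16);
const users = new Map([
  ['alice@example.com', { salt, hash: hash('correct horse', salt) }],
]);
// Dummy record: unknown users cost the same hashing work as real ones.
const DUMMY = { salt: crypto.randomBytes(16), hash: crypto.randomBytes(32) };

const GENERIC = 'Incorrect email or password'; // one message for both cases
const MAX_FAILS = 5;                // assumed limit
const BLOCK_MS = 15 * 60 * 1000;    // assumed block duration
const fails = new Map();            // "email|ip" -> { count, blockedUntil }

function login(email, password, ip, now = Date.now()) {
  const key = `${email}|${ip}`;
  const rec = fails.get(key) || { count: 0, blockedUntil: 0 };
  // Unknown emails are counted too, so a block reveals nothing about the account.
  if (rec.blockedUntil > now) {
    return { status: 429, message: 'Too many attempts, try again later' };
  }
  const user = users.get(email) || DUMMY;
  const match = crypto.timingSafeEqual(hash(password, user.salt), user.hash);
  if (match && user !== DUMMY) {
    fails.delete(key);
    return { status: 200, message: 'Logged in' };
  }
  rec.count += 1;
  if (rec.count >= MAX_FAILS) {
    rec.count = 0;
    rec.blockedUntil = now + BLOCK_MS;
  }
  fails.set(key, rec); // never expires here; a real store needs key expiry
  return { status: 400, message: GENERIC };
}
```

In an Express route, the returned `status` and `message` would go straight into the response, so a client sees the same body whether the email exists or not.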