re: Securing your express/Node.js API with Firebase auth

re: If they have a plain text password I entered and I am a normal user, wouldn’t the thought be that I’ve reused this email / password combination els...

Yeah, but if every app did authentication the same way you are suggesting then their hashed password is still all that will be needed in a case of compromise. Your client code can be accessed on the browser so your hashing algorithm isn’t really hidden. My advice to you is just always have SSL.
Hope this guides you.
stackoverflow.com/questions/371592...
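
The point made in the reply above, that a hash computed in the browser becomes the credential itself, shown as an added example (not code from the thread or from the original post). The function names, the SHA-256 client scheme, and the in-memory `db` objects are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// What the browser would send if it hashed the password itself (assumed scheme).
const clientHash = (password) =>
  crypto.createHash('sha256').update(password).digest('hex');

// Design A: server stores whatever the client sent and compares it directly.
function registerNaive(db, user, submitted) {
  db[user] = submitted;
}
function loginNaive(db, user, submitted) {
  const stored = Buffer.from(db[user] || '');
  const given = Buffer.from(submitted);
  return stored.length === given.length && crypto.timingSafeEqual(stored, given);
}

// Design B: server treats the submitted value as the secret and stores
// only a salted scrypt hash of it.
function registerHardened(db, user, submitted) {
  const salt = crypto.randomBytes(16);
  db[user] = { salt, hash: crypto.scryptSync(submitted, salt, 32) };
}
function loginHardened(db, user, submitted) {
  const rec = db[user];
  if (!rec) return false;
  return crypto.timingSafeEqual(rec.hash, crypto.scryptSync(submitted, rec.salt, 32));
}

function demo() {
  const password = 'correct horse battery staple'; // constructed sample value
  const naiveDb = {}, hardenedDb = {};
  registerNaive(naiveDb, 'alice', clientHash(password));
  registerHardened(hardenedDb, 'alice', clientHash(password));
  return {
    // The value sitting in the table is accepted as-is: it is password-equivalent.
    naiveAcceptsStoredValue: loginNaive(naiveDb, 'alice', naiveDb.alice),
    // The stored scrypt output is not what the login endpoint expects.
    hardenedAcceptsStoredValue:
      loginHardened(hardenedDb, 'alice', hardenedDb.alice.hash.toString('hex')),
    hardenedAcceptsRealLogin: loginHardened(hardenedDb, 'alice', clientHash(password)),
  };
}
console.log(demo());
```

In both designs the submitted value is only protected in transit by TLS; the server-side salted hash is what keeps a copy of the table from being directly usable at the login endpoint.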

Thanks for taking the time to answer these quandaries.

Last one: even if an attacker has both access to a hash and the hash function, if that hash function is secure, they still can’t reverse that to get the password, correct?
