Welcome to My Blog
An introduction to this technical blog and what you can expect to find here.
Notes on backend development, authentication, and building things.
I wanted to actually understand authentication, not just copy-paste from tutorials. So I built a 2FA service from scratch.
After trying several approaches, here's how I handle auth tokens in Aegis2FA and why.
I implemented TOTP from scratch to understand what happens when you scan that QR code. Here's what I learned.
When building Aegis2FA, I had to choose a password hashing algorithm. Here's why I went with Argon2id.
I added rate limiting to Aegis2FA after realizing how easy brute force attacks are. Here's what I learned.
I set a test coverage goal for Aegis2FA. The number didn't matter as much as what writing tests forced me to think about.
I wanted to deploy Aegis2FA without paying for hosting. Here's the stack I ended up with.