As a web developer, implementing user account controls is a common task for nearly any application. Although those applications differ, there are some fairly universal practices for keeping the accounts secure.
https://cloudplatform.googleblog.com/2018/01/12-best-practices-for-user-account.html?m=1
- Hash those passwords
- Allow for third-party identity providers if possible
- Separate the concept of user identity and user account
- Allow multiple identities to link to a single user account
- Don’t block long or complex passwords
- Don’t impose unreasonable rules for usernames
- Allow users to change their username
- Let your users delete their accounts
- Make a conscious decision on session length
- Use 2-Step Verification
- Make user IDs case insensitive
- Build a secure auth system