Latest: 4.2 (Done!)
Auth:
- User Interface and Experience
- Adding Google Auth
- Session Management (remember option to keep users logged in)
- Session Expiry
- Privacy Policy and Terms of Service confirmation and user agreement during sign up.
- Security Enhancement
  - Rate Limiting: Implement rate limiting to prevent brute-force attacks on login attempts.
  - Password Strength Indicator: Provide real-time feedback on password strength to encourage users to use stronger passwords.
  - Account Lockout Policy: After several failed login attempts, temporarily lock the account or require CAPTCHA.
- Error Handling and Feedback
  - Sign-up dialog (confirm that sign-up succeeded and ask the user to check their email for confirmation)
  - Forgot Password (explanation: as of now, when a user tries to reset their password, nothing happens after they enter their email, even though they do get an email asking them to reset the password; there must be a message telling the user to check their email, or that the forgot-password request was successful)
  - Wrong Password / Account not yet created, etc. (detailed error messages, stating either that the email is not yet verified, that there is no account with this email, or invalid credentials for a wrong password)
Implementing email verification handling
- Adding password reset functionality
- Copywriting for Sign Up: email
SPA/Better Flow
- Sign Up
- Verify Email - Confirm at Email
- Re-login with verified email
- Need to update email CSS/HTML using Resend for this matter.