I see myself as quite competent, but I still wouldn't trust myself to catch all the nuances. And even if I could, it would be too much work for every new project.
I think this is a good argument for the existence of a suite/library that manages things like password storage, recovery, validation, etc. Integrating everything from using good salts and hashes to captchas and retry delays.