April 2020
Intermediate to advanced
716 pages
18h 55m
English
While storing user credentials for authentication in the user collection, we made sure that the original password string provided by the user was never stored directly in the database. Instead, we generated a hash of the password along with a salt value using the crypto module in Node.
In user.model.js from our applications, we defined the following functions to generate the hashed password and salt values:
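// Returns the hex HMAC-SHA1 of the password keyed with the user's salt,
// or an empty string if the password is missing or hashing fails.
encryptPassword: function(password) {
  if (!password) return ''
  try {
    return crypto
      .createHmac('sha1', this.salt)
      .update(password)
      .digest('hex')
  } catch (err) {
    return ''
  }
},
// Builds the salt string from the current timestamp and Math.random().
makeSalt: function() {
  return Math.round((new Date().valueOf() * Math.random())) + ''
}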
With this implementation, every time a user ...
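For comparison with the `encryptPassword` and `makeSalt` functions above, the following added example (not code from the book or its applications) puts the same scheme beside a hardened variant: `Math.random()` is not a cryptographically secure source for a salt, and a single HMAC-SHA1 pass is cheap to compute when guessing passwords offline. The names `legacyMakeSalt`, `legacyEncryptPassword`, `hashPassword`, `verifyPassword` and `demo`, the size constants and the sample password are assumptions made for the illustration.

```javascript
// Added example: the page's scheme beside a hardened form (Node.js, CommonJS).
const crypto = require('node:crypto')

// As on the page: salt from the clock and Math.random(), one HMAC-SHA1 pass.
function legacyMakeSalt() {
  return Math.round(new Date().valueOf() * Math.random()) + ''
}
function legacyEncryptPassword(password, salt) {
  if (!password) return ''
  return crypto.createHmac('sha1', salt).update(password).digest('hex')
}

// Hardened form. Names and sizes below are assumptions, not the book's code.
const SALT_BYTES = 16 // random salt length
const KEY_BYTES = 64  // derived key length

function makeSalt() {
  // CSPRNG-backed salt instead of Math.random()
  return crypto.randomBytes(SALT_BYTES).toString('hex')
}
function hashPassword(password, salt) {
  // Fail closed: an empty password is an error, never an empty-string hash.
  if (typeof password !== 'string' || password.length === 0) {
    throw new Error('password is required')
  }
  // scrypt is memory-hard, so each offline guess costs far more than one HMAC.
  return crypto.scryptSync(password, Buffer.from(salt, 'hex'), KEY_BYTES).toString('hex')
}
function verifyPassword(password, salt, storedHex) {
  const stored = Buffer.from(storedHex, 'hex')
  if (stored.length !== KEY_BYTES) return false
  let candidate
  try { candidate = Buffer.from(hashPassword(password, salt), 'hex') } catch { return false }
  // Constant-time comparison of equal-length buffers
  return crypto.timingSafeEqual(candidate, stored)
}

// Constructed sample values, for demonstration only.
function demo() {
  const password = 'correct horse battery staple'
  const salt = makeSalt()
  const stored = hashPassword(password, salt)
  return {
    legacyLen: legacyEncryptPassword(password, legacyMakeSalt()).length,
    saltLen: salt.length,
    ok: verifyPassword(password, salt, stored),
    wrong: verifyPassword('wrong', salt, stored),
    empty: verifyPassword('', salt, stored),
  }
}
console.log(demo())
```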