At sign-up, all user passwords are hashed using bcrypt before being stored.
Upon logging in, users are provided an authentication token, which is generated using JSON Web Token (JWT). This is valid for 4 days. All further interaction with the application is done by providing an authorization header using this token.
Password requirements
Passwords to the Wondering web application are required to meet the following standards:
Password must be at least 8 characters.
Password must contain a number
Password must contain a letter
Password must not be the same as your email address