This June, I’m organizing BharatHacks, a hackathon for solving India-specific problems. Programmers, designers, engineers, and entrepreneurs will come together to build products that make lives better. Organized in collaboration with Facebook Developer Circle Delhi-NCR, BharatHacks will help you take your idea forward, from hacking to raising investment and launching your product in the market.
I took fifteen minutes to make some strategic design changes to Zomato’s Android app. I wrote extensively about the iconography, typography, and role of actions in the app’s user experience. I wrote this article originally in March 2016 for the Zomato Android team and publicly published it in April 2017, since Zomato decided to implement most of my design changes.
Just a little bit of background about my college “situation”: I graduated from high school in April 2016 and joined the Unitedworld Institute of Design (UID) in Ahmedabad, Gujarat, after working at the Government of Delhi for a month. UID was an excellent college for people who want to study design using the fundamentals of art. I’ll push in an update if I decide to join a program.
A few days ago, I tried to reset my password on PR.com, the press releases website. I entered my email, and they sent me the username and password in plain text. That’s right, in plain text.
The problem with this method of password storage is that if anyone gets access to your database, they can literally just see the passwords. This is why hashing is used: a one-way function turns the plain-text password into a “hashed” digest that, in an ideal world, cannot be reversed back into the password. The weakness of hashing comes from how hashing fundamentally works: collisions, where multiple different strings produce the same hashed string, are not uncommon.
This is usually how the process works: a user logs in, and a token is generated. The token is stored on the client (usually in a session, lately also as a local storage object). Then, every API call from the view sends the token along. The server checks the integrity of the token and returns the relevant response. Each token carries a signature of sorts that only the server could have created, which is what makes it trustworthy. JWT does this really well. My way includes a hashed username and a timestamp.
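The login-token flow above, as an added example that is not code from the original post: a server-held secret signs the username and timestamp with an HMAC (a keyed hash standing in for the “hashed username and timestamp” in the text), and the server verifies both the signature and the token’s age before trusting it. The secret, lifetime and token layout are constructed for the example.

```python
import base64
import hashlib
import hmac
import time

# Constructed demo values: a real server loads the secret from a secrets store.
SERVER_SECRET = b"constructed-demo-secret-do-not-reuse"
MAX_AGE_SECONDS = 3600  # assumed token lifetime


def _sign(payload: bytes, secret: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the payload; only a holder of the secret can compute it."""
    return hmac.new(secret, payload, hashlib.sha256).hexdigest()


def issue_token(username: str, secret: bytes = SERVER_SECRET, now=None) -> str:
    """Issue base64url('username.timestamp.signature') after a successful login."""
    if "." in username:  # '.' is the field separator, so it cannot appear in the name
        raise ValueError("username must not contain '.'")
    ts = int(time.time()) if now is None else now
    payload = f"{username}.{ts}".encode()
    token = payload + b"." + _sign(payload, secret).encode()
    return base64.urlsafe_b64encode(token).decode()


def verify_token(token: str, secret: bytes = SERVER_SECRET, now=None,
                 max_age: int = MAX_AGE_SECONDS):
    """Return the username if the token is intact and fresh, otherwise None."""
    try:
        username_b, ts_b, sig = base64.urlsafe_b64decode(token.encode()).split(b".")
    except ValueError:  # bad base64 or wrong number of fields
        return None
    expected = _sign(username_b + b"." + ts_b, secret).encode()
    # Constant-time comparison so timing does not leak how much of the signature matched.
    if not hmac.compare_digest(expected, sig):
        return None
    try:
        ts = int(ts_b)
    except ValueError:
        return None
    current = int(time.time()) if now is None else now
    if ts > current or current - ts > max_age:  # rejects future-dated and expired tokens
        return None
    return username_b.decode()
```

A token that leaks stays valid until it expires, so keep the lifetime short and add server-side revocation where that risk matters.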