Ghaleb
Posted on May 30, 2021
In the first part of this series, I introduced the factors that generally make up a good project. Today, I will suggest a project idea, explain why it works, and list some recommended features.
I will also share a few resources that can be useful for full-stack developers when creating this project. The idea itself is not limited to web development, but I will be discussing it from the perspective of full-stack web developers.
The Project: A Password Manager
Password managers are not a new idea by any means, and managing passwords is not an unsolved problem.
There is a large number of solutions out there, so you will not lack resources for inspiration. The large number of solutions, however, should not discourage you from implementing one yourself.
I believe a password manager is comprehensive enough to be a good addition to most, if not all, portfolios. It is also complex enough to help you show your skills.
Security is a very important component of any full-stack project, and password managers employ a suite of security concepts. Presenting a password manager demonstrates not only the essential skills for full-stack development, but also your familiarity with security concepts. A password manager is also a useful project.
It is one thing when you build an unpublished, dummy project. It is another thing entirely when that project is in active use. A published project conveys confidence in the implementation, and makes your sales pitch more convincing.
A password manager is not limited to a small audience; it is useful to almost everyone. As such, finding a decent number of users in your circle of friends and family is not hard.
I do have one warning here:
If you are not at all familiar with security concepts, or you do not intend to maximize security, then limit the users of the project to yourself, and avoid sensitive data (or keep it local).
Another great aspect of this project idea is that it inherently involves user management and non-trivial CRUD operations. A couple of unrelated tables (or document collections, if you wish to use something like Firebase) will not be enough for a decent implementation.
So, even if you do not care about maximizing security, your project will check most boxes in the list of skills needed for your full-stack position.
Why it Works: Key Factors
1. Problem statement
The importance of a password manager is well documented and is only expected to increase. As a matter of fact, password managers have become necessary if a user wishes to claim security.
So, problem statement: ✓
2. Data persistence
Data persistence is another component that is obviously present in this project. More importantly, the data model required for a proper password manager is not overly simple.
At the very least, a basic - but useful - password manager needs to handle users, roles, and multiple types of secure items (not just accounts' passwords).
So, clearly, data persistence: ✓
3. Decent scope
The scope of your application primarily depends on how much work you intend to invest in it. To justify this project idea, however, we should discuss the minimal functionality required.
The core features would be:
- Authentication & authorization
- Client-side encryption & decryption of data
- A secure, random password generator
Other good-to-have features could be:
- Custom fields for secure items (allow user to add, remove, and rename fields of whatever secure items they wish to store)
- Editable templates of secure items
- Sharing encrypted data among users (public key encryption)
- Authenticating stored items (use case for HMAC)
- Master password reset (not a trivial problem to solve since the forgotten master password is needed to decrypt stored items)
All the features above are important. You can either create a basic application with the core features, or expand it with the good-to-have features. Either way, you are still nowhere near nice-to-have features, and the scope of your application is already non-trivial.
Decent scope: ✓
4. Clean architecture
Mostly because of the 'decent scope', you will increasingly suffer as you work on your project if you are not applying good coding practices.
In other words, a project like this one almost forces you to consider your architecture carefully before implementing.
This will be your responsibility as a developer. It cannot really be expanded upon here without explicitly discussing an implementation, which is beyond the scope of this article.
Note that it might be a good idea to document your architecture if you intend to showcase your project later on.
Clean architecture: ✓
Why it Works: Bonus Points
1. Encryption vs Hashing
Remember, this is a project that emphasizes security. You do not have the option of storing passwords in plaintext and claiming that this is a dummy project and you wanted to focus on core functionality :)
You will have to hash users' authentication passwords and encrypt their secure items. That means you will need to understand the exact differences between the two concepts, as well as the differences between the algorithms within each realm. You will also need to understand the best use cases for different algorithms in order to justify your choices.
In short, this project helps you demonstrate good working knowledge of different security concepts.
2. API consumption (optional)
This was listed as an optional key component of a good project in my previous post. You will probably not need to consume an API for the core functionality of this app, but you can get creative with nice-to-have features.
This is entirely optional, but you are expected to deal with APIs as an engineer, and as such, there is no harm in demonstrating comfort in using them.
Conclusion
A password manager involves all the key components that, as discussed, make a project fit for a full-stack developer's portfolio.
More importantly, however, it also forces you to learn security concepts. These concepts are extremely relevant but often ignored or forgotten in projects, because they are not required for the app to function.
Resources
Here's a list of resources that may be useful when building this web-based password manager:
- How Password Managers Work - Computerphile
  - I cannot recommend this video enough
- CryptoJS
  - A JavaScript crypto library
  - Includes hashing and encryption algorithms
  - Lacks asymmetric encryption
- TweetNaCl.js
  - A JavaScript crypto library focused on encryption
  - Includes asymmetric encryption but lacks HMAC & PBKDF2
- seedrandom
  - Seeded random number generator for JavaScript
  - Might prove useful for a secure password generator