←back to thread

Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC

(techcrunch.com)
282 points bundie | 3 comments | 25 Jun 25 18:07 UTC | HN request time: 3.035s | source
Show context
jtms ◴[26 Jun 25 03:25 UTC] No.44383929[source]
"Better Auth’s pitch is simple: Let developers implement everything from simple authentication flows to enterprise-grade systems directly on their databases and embed it all on the back end."

Its absolutely bonkers to me that web development has gotten to a point where this is a novel pitch. Up until not that long ago ALL auth was done directly in your own database and embeded in your own backend. Am I missing something?

replies(6): >>44384028 #>>44384484 #>>44384540 #>>44384697 #>>44385855 #>>44387250 #
rafram ◴[26 Jun 25 03:49 UTC] No.44384028[source]
Yeah and it was terrible. Your password would be stored as an unsalted MD5 hash if you were lucky.

Enterprise customers did the math on what a security breach lawsuit could cost and started demanding verifiably decent security, which meant some off-the-shelf off-premises solution.

That’s basically where we are now, and it’s the reason that most of Better Auth’s users are early-stage startups — they need to scale quickly, and they don’t have many pesky enterprise/governmental customers who might want to see a certification.

replies(5): >>44384080 #>>44384145 #>>44384715 #>>44385363 #>>44386648 #
1. pipes ◴[26 Jun 25 06:29 UTC] No.44384715[source]
I called my doctors surgery because I couldn't login into their web bookings site. The receptionist said "I'll check your password" then she "oh it's all funny characters" and I realised she was reading my real password that was generated by my password manager. This was only a few years ago.
replies(1): >>44385383 #
2. motorest ◴[26 Jun 25 08:30 UTC] No.44385383[source]
The most concerning part about the belief that bootstrappy self-taught hackers are able to tackle any type of problem just as well as experienced engineers with a solid academic background is how the ignore the fact that hacking together an implementation is a very small part of the problem, and actually knowing the problem domain is of critical importance.

This is why we end up with businesses running services where a receptionist has access to customer passwords. Those who designed the system weren't even in a position to understand why that was a critical flaw in the design, let alone a problem that needed fixing.

replies(1): >>44386031 #
3. koakuma-chan ◴[26 Jun 25 10:37 UTC] No.44386031[source]
That system was probably designed 30 years ago, and small businesses continue to use them. Happened to me as well.