Better Auth, by a self-taught Ethiopian dev, raises $5M from Peak XV, YC

(techcrunch.com)

282 points bundie | 1 comments | 25 Jun 25 18:07 UTC | HN request time: 0.325s | source

Show context

jtms ◴[26 Jun 25 03:25 UTC] No.44383929[source]▶

"Better Auth’s pitch is simple: Let developers implement everything from simple authentication flows to enterprise-grade systems directly on their databases and embed it all on the back end."

Its absolutely bonkers to me that web development has gotten to a point where this is a novel pitch. Up until not that long ago ALL auth was done directly in your own database and embeded in your own backend. Am I missing something?

replies(6): >>44384028 #>>44384484 #>>44384540 #>>44384697 #>>44385855 #>>44387250 #

rafram ◴[26 Jun 25 03:49 UTC] No.44384028[source]▶

>>44383929 #

Yeah and it was terrible. Your password would be stored as an unsalted MD5 hash if you were lucky.

Enterprise customers did the math on what a security breach lawsuit could cost and started demanding verifiably decent security, which meant some off-the-shelf off-premises solution.

That’s basically where we are now, and it’s the reason that most of Better Auth’s users are early-stage startups — they need to scale quickly, and they don’t have many pesky enterprise/governmental customers who might want to see a certification.

replies(5): >>44384080 #>>44384145 #>>44384715 #>>44385363 #>>44386648 #

nwienert ◴[26 Jun 25 08:27 UTC] No.44385363[source]▶

>>44384028 #

What are you talking about?

I was 14 learning PHP in 2003 and every tutorial insisted you salt and use a more secure hashing algorithm.

It’s weird to see people say things so boldly that are so wrong.

replies(2): >>44386048 #>>44387768 #

1. koakuma-chan ◴[26 Jun 25 10:40 UTC] No.44386048[source]▶

>>44385363 #

I unironically smell a conspiracy here.

↑