It’s 2021 and authentication is still hard

Davide Vernizzi
3 min readApr 29, 2021

I bet you heard that authentication is hard somewhere. It is a well-known subject, and many people write about it. But it’s worth saying that once more: it’s 2021 and authentication is still hard. It actually got even harder: with every new technology, with every new service, with every new attack, authentication becomes harder and harder.

Image released with (CC BY-SA 4.0)

And not only it’s hard, it’s also vast. Many tend to forget this point; when you are building software and you think about authentication, you usually think of login and registration. But there’s much more. Signup and sign-in are just the tip of the iceberg. Below there is a lot more to cover, from silly things like email confirmation and password recovery to more complex others like multi-factor authentication or fraud detection.

The harm resulting from exposing your user passwords is huge; you will lose credibility, end up in the public list of exposures, and risk class-action lawsuits. But that’s just one side of the coin; sometimes your signup code will just stop working and, since it’s not part of the core of your project you will not notice, losing possible new customers. Also, security is a full-time job, that requires to dedicate people to keep track of new attacks, novel approaches, upcoming technologies, even UX trends.

For all these reasons (and many more), it’s never a good idea to write your own authentication framework, especially because there are many alternatives: Auth0, Okta are two of the main players, but there are also others. These services provide you with all the features you need to protect your application.

However, we think that there is a gap in the offering. Some of the most prominent solutions are closed source, and we believe that a component so important should be open-source. The existing open source solutions are old and we feel that there is a place for improvement. That is why we have decided to build Saasform, an open-source authentication framework designed to be used in SaaS projects.

Our idea is that authentication is one of the features that are necessary to launch a SaaS but are not part of the core set of features that SaaS developers want to work on. And since it’s hard and vast it’s a bad idea to let your developers focus on that part. In addition, we think that besides authentication other features belong to this category. We started to integrate payments with authentication because they go well hand in hand (after all, as a SaaS, you don’t only want to know who your user are, but also which plan they bought), and we will continue with other functionalities like chatbot or analytics.

We worked hard to provide the easiest and fastest way to integrate Saaform with your project and we keep making it easier release after release. We are committed to providing 20% of the features that will cover 80% of the cases and will help SaaS founders to launch faster. And since everything is open source you always have control of your data and your users.



Davide Vernizzi

Fullstack dev with 15 years of experience. Now working on an open source authentication framework. Prior I earned a Ph.D in computer security