-create random password reset tokens with expiry dates
-deny access to JWT after password change
-prevent Cross-Site Request Forgery (csurf package)
-require re-authentication before a high value action
-implement a blacklist of untrusted JWT
-confirm user email address after first creating account
-keep user logged in with refresh tokens
-implement two-factor authentication
-implement maximum login attempts
-create random password reset tokens with expiry dates
-deny access to JWT after password change
-prevent Cross-Site Request Forgery (csurf package)
-require re-authentication before a high value action
-implement a blacklist of untrusted JWT
-confirm user email address after first creating account
-keep user logged in with refresh tokens
-implement two-factor authentication
-implement maximum login attempts