I've been recently learning my way around web dev. Most of it is straightforward enough, but security is my sticking point. Everything on the web is contradictory, half explained, and rapidly changing. Seems like you know your way around best practices. Can you point to a decent trustworthy tutorial/book on how to handle logins and identity? Seems like lesson one is "don't implement it yourself" and lesson two is never quite spelled out.