Good Videos. Thanks for sharing the potential security flow by looking at the speed of response. Would love a video on list of things a Bad Actor could do to cause harm to your site. 

Also do you have any links or references to learn more whats happening under the hood with the `user.authenticate` method. Also can we change the encryption algorithm from bcrypt to something else? 

 ☒ Gothcha. So if one wants to replace BCrypt with something like Pufferfish2, they should just not include the `has_secure_password` and then just create `authenticate_password`, `password=` method on there own.