YAGNI and Agile
One of the hardest things to do in software development is to respect “you ain’t gonna need it” and “keep it simple stupid”. Every time I go to implement a feature, I can think of 50 extra things I should do to make it ‘complete’ and exactly what I want. It is so helpful to hit things with an Agile and iterative frame of reference. Build an MVP(minimum viable product) and publish! Extra features can come later as they are actually needed.
Recently I was working on a login page. Very simple and shouldn’t take long, right? So first I implemented the bare minimum, users with hashed passwords and a simple ‘login failed’ or setting up session and pushing to the home screen.
Then the things it should also have went through my mind.
- Login pass/fail Tracking
- Password resets
- User unlockouts
- Login with your email
- Brute force alerting
- Remember me
- CAPTCHA
- Security questions
- Pretty HTML emails for various alerts
- A Linux-like password storage format to allow for forwards/backwards compatibility and different algorithms
- Verify timing doesn’t change for the various failure reasons(so a bad actor can’t figure out if a user exists by how long the failed password request takes)
- Audit cookie security
- Login with Facebook etc.
- Two factor authentication
I could now spend a week setting all this up instead of building features that really bring the product forward. These are all great features, FOR LATER!
The Agile approach – small bite sized increments is great here. I wouldn’t want to give all the features to QA or the customer at the same time. It’s too much. First deliver your MVP and iterate from there. You’ll probably find out no one would have usedĀ half of the nice-to-haves that you thought would be good to have, so you can spend your time on the important stuff!