March 2020: Security Improvements, Huge Performance Gains, and Better Automated Testing

The March 3 update, while solving some crucial bugs, was a bit on the light side. That's because there's been a large amount of separate work done for an upcoming update that completely overhauls everything from the login process to the server logic, which I will detail below. Please note, this post gets a little technical!

Getting Ready for Version 1.0

As we get closer to the end of early access and the full launch of Budgetwise, there are several things that needed to be addressed.

Onboarding Tutorials Are Almost Complete
I've been working on the onboarding steps for a while now, and this week I should start sending them out to a handful of users (thank you for volunteering!) to get feedback before releasing it.

Performance Gains
In anticipation of an upcoming mobile app and some more complex features (goals, for example), there was a need for much better performance across the board - especially as a user with lots of transactions and categories.

Every layer of the application is being touched, from the way the database is structured to the information passed onto the browser, with optimization in mind. To give a more concrete example of the type of gain you can expect, a calculation that may have taken 1-3 seconds to complete before will take less than 50 milliseconds once the new changes are in place.

The API itself is also being reworked to get ready for the mobile app that will share it, with an emphasis on performance even on lower-end devices and slower network speeds.

Security Improvements
Around the same time the above-mentioned performance improvements are released, Budgetwise is moving completely to Amazon Web Services (AWS) as it is much more secure, flexible, and can easily serve our needs as we continue to grow. You can read more about AWS's emphasis on security here: https://aws.amazon.com/security/

We are already storing as little as possible about each user (email, and hashed password), but we can do more. The login process will change a bit as we are no longer going to store hashed passwords of any kind, and all authentication will go through Auth0, an industy leader in authentication security that's GDPR, SOC 2 Type II and PCI compliant. All password resets and account management will go directly through them so our database never has your login information stored in any way. You'll also be able to log in using a Google account, and later this year Multi-Factor Authentication will be added. You can read more about Auth0's security here: https://auth0.com/security/

Better Automated Testing
All these changes offered a good opportunity to increase Budgetwise's stability and code integrity. The data coming in or going out will be subjected to more strict unit testing, where key pieces of functions are subjected to numerous different scenarios to make sure nothing is out of place.

Also, end-to-end testing is being added to help fight any potential bugs that may come up during edge cases. This type of testing is important because it will let me automate certain tasks and get a report on how well it performed, instead of manually going in to test various user workflows.

Closing Thoughts
There's no hard date on when these vast new changes will come out yet as we are having a baby that may arrive any time now, but there is lots of progress being made each and every day to ensure it's out as soon as possible.

There may be one or two light releases full of only bug fixes and improvements, as it wouldn't make sense to build out some large features if they'll require a serious reworking with this new update. Once we flip the switch on the new changes, you will see a rather quick deluge of some great features and improvements soon afterwards.