Comment by nifemi1234

Thank you for your amazing suggestions @rokoss21

The account lockout mechanism really stood out to me—it's a standard feature in security-first systems that I completely overlooked. I'll definitely look into implementing that to mitigate brute force risks.

Regarding encryption at rest, it is the most important takeaway from your advice. Would you advise I handle encryption at the application level or at the database level? I'd love to hear your thoughts on the trade-offs.