MyFinancier is a web application that lets users do their own accounting in the simplest way possible. The user uploads their monthly earnings and spending report as a CSV file, and the application does the rest: it shows where money was spent and earned, all in the form of tables and easily understandable graphs.
MyFinancier grew out of a team that loves to keep track of their finances. They previously tracked their monthly spending and earnings in Excel, and they had even programmed themselves a desktop version of MyFinancier for personal use. Because the application had gotten old, they decided it was time to take it all to another level in both a visual and technical sense.
When it comes to other people’s finances, privacy and the knowledge that your data is safe are essential. This is why we needed to find the safest possible way to store user data without the risk of getting hacked.
Creating such a tool includes both design and development resources. Our design process followed a tested-and-proven framework, starting from user journeys and wireframes, and then moving on to a visual interface.
On the development side, to avoid leaking any information into the database, all encryption is done on the front end: in the browser, on the user’s own computer. For authentication, we use the Salted Challenge Response Authentication Mechanism (SCRAM for short).
SCRAM is a password-based mutual authentication protocol designed to make eavesdropping and man-in-the-middle attacks more difficult. The client proves to the server that it knows a secret derived from the user’s password, and the server proves to the client that it knows the password, without the password itself being sent from the database. We used AES-GCM to encrypt all of the users’ data, so that the encryption would be rock-solid and the chances of a hacker breaking in would be essentially zero.
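The SCRAM exchange described above, as an added example for Node.js (not MyFinancier's code): the proof math from RFC 5802, with SHA-256 assumed because the page names no hash. The function names, password, salt and nonces are constructed for illustration.

```javascript
// Added example: SCRAM proof math (RFC 5802); SHA-256 is assumed, the page names no hash.
const nodeCrypto = require('node:crypto');
const hmac = (key, msg) => nodeCrypto.createHmac('sha256', key).update(msg).digest();
const sha256 = (buf) => nodeCrypto.createHash('sha256').update(buf).digest();
const xor = (a, b) => Buffer.from(Array.from(a, (v, i) => v ^ b[i]));

// Client: stretch the password (Hi() in the RFC is PBKDF2-HMAC) and derive both keys.
function deriveKeys(password, salt, iterations) {
  const salted = nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256');
  return { clientKey: hmac(salted, 'Client Key'), serverKey: hmac(salted, 'Server Key') };
}

// Registration: the record the server stores. It holds neither password nor ClientKey.
function makeServerRecord(password, salt, iterations) {
  const { clientKey, serverKey } = deriveKeys(password, salt, iterations);
  return { salt, iterations, storedKey: sha256(clientKey), serverKey };
}

// Client: ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage).
function clientProof(keys, authMessage) {
  return xor(keys.clientKey, hmac(sha256(keys.clientKey), authMessage));
}

// Server: undo the XOR and compare the hash with StoredKey; null means a bad proof.
function serverVerify(record, proof, authMessage) {
  if (proof.length !== 32) return null;
  const candidate = xor(proof, hmac(record.storedKey, authMessage));
  if (!nodeCrypto.timingSafeEqual(sha256(candidate), record.storedKey)) return null;
  return hmac(record.serverKey, authMessage); // ServerSignature
}

// Client: the server is authentic only if it could compute HMAC(ServerKey, AuthMessage).
function clientAcceptsServer(keys, authMessage, serverSignature) {
  const expected = hmac(keys.serverKey, authMessage);
  return serverSignature !== null && serverSignature.length === expected.length &&
    nodeCrypto.timingSafeEqual(expected, serverSignature);
}

// Constructed sample exchange: password, salt and nonces are made up for this demo.
function demo() {
  const record = makeServerRecord('correct horse battery', Buffer.from('constructed-salt'), 4096);
  const authMessage = 'n=alice,r=cNonce,r=cNoncesNonce,s=Y29uc3Q=,i=4096,c=biws,r=cNoncesNonce';
  const login = (password) => {
    const keys = deriveKeys(password, record.salt, record.iterations);
    const signature = serverVerify(record, clientProof(keys, authMessage), authMessage);
    return { server: signature !== null, client: clientAcceptsServer(keys, authMessage, signature) };
  };
  return { good: login('correct horse battery'), bad: login('wrong password') };
}
```

The stored record contains only StoredKey and ServerKey, so the password itself never reaches the server or its database.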
As a result, we made a beta version of a web application with an easy-to-use interface and cryptography technology to keep the data safe. The MyFinancier team has developed the product even further, and today, they already have about 1,000 active users.
NOPE and gotoAndPlay helped us create a strong foundation for our MyFinancier web application. It was very pleasant to work with a team that was always ready to work together with us to create solutions that are somewhat outside of the traditional boundaries. We can definitely recommend NOPE and gotoAndPlay to others because they are trustworthy and excellent at what they do. They do their work with passion and this is reflected in the results.
Kadri Mäsak, CEO/CFO MyFinancier