Absolutely disagree. You shouldn't roll your own bcrypt, but you should have full knowledge of how it's used to offer authentication. Hell this is required to even move forward with sales in many enterprise software contexts. If you don't know how passwords work, for the love of god don't offer password-based login.
Exactly. It is not the implementation of the auth module that matters to me so much as is the API through which it slots into the rest of the system. I want the expert designed modules that I can plug various systems into.
Because we haven’t seen good frameworks at the user management level, I think, the mistakes made by the creators of that YT video are common in the industry.