Tags: javascript, security, mean-stack, json-web-token

What are some security measures I can implement for my application built with the MEAN stack?


I've tried my hand at building my first back end (I am a front end dev) with a fair amount of success. I used the MEAN stack. My core functionality is coming to an end and I need to start considering security. All I am using at the moment is jsonwebtoken. What else can I implement or add to improve the security? What are some common practices that can make my app more secure? What are some things I need to consider?

For the user login, I used this tutorial for beginners, which was great by the way.


Solution

  • I've been building my first back-ends recently as well. One thing you could consider, if you haven't already, is to hashify the passwords so you don't store them in plain text. I have been using bcryptjs. Hashes are much harder to guess and password attempts get hashed and verified with the hashes you have in your back-end.

    If this is something you haven't done yet, make sure to use bcryptjs and not just bcrypt. The js version is written natively in JavaScript, whereas the original is just a JS wrapper over C (iirc), which can cause issues.

    Also, a great npm package for logins (including social logins) is satellizer. It plays very nicely with the MEAN stack. If you are using cookies at the moment, it will take a bit of a refactor, but once you set it up and learn what it does, it will make things a lot easier going forward. Social logins are complicated, but it will make your site more secure to include big and secure companies in your authorization and authentication process.

    Hope this was helpful and not too late! Good luck with your skill building!