There are also other more contemporary things like Kafka, Firebase and RethinkDB that you might take advantage of for more "realtime" data solutions. Streams seem to kind of be a big thing these days.
For security, I generally try and do something like OAuth and defer the credentials, it's pretty easy to support a wide variety and you can look at Auth0 or something too, in addition it's a really good idea to use a 2-factor auth solution as well, text a code or use a code generator like Google or Authy.