
Doing it Right in 2026

It was sometime last year I had come across the mantra of "Make it work, make it right, make it fast, in that order." Since then, numerous projects of mine ranging from personal side projects to group projects during my studies at university have taken this approach towards development, with an emphasis on the first two points of making it work and making it right.

Moving into 2026, I'm expected to graduate after my four years at university, as well as having the opportunity to take higher-level courses and work on group projects during that time. After that, I'm expected to find a career-starter job while having a bit more free time and somewhat less stress on my hands. This gives me some time to focus on some of my skills and hobbies both professionally and non-professionally.

Looking back at some of the projects that I've even worked on in the past 1-2 years, I've realized that I've made some critical mistakes and/or oversights that violated the principle of making it right. Many times it comes from lack of knowledge of certain topics while some of it comes from taking shortcuts. Within the context of web development in my case, this can look like handling login authentication improperly/insecurely, neglecting JWTs, ignoring accessibility, among a few others.

In some of these cases, I have run into the issue of having to implement these, but opted to implement them in a similar manner that may be quicker to develop but does not exactly adhere to the standard that many other websites and services use.

Starting recently, I have moved to try and touch on this issue, developing applications with a focus more on making it right. A prime example is a simple password manager project required by my Security and Privacy in Computing course taken last semester. In this project, I played a huge role in implementing a Secure Remote Password (SRP) protocol to properly use zero-knowledge authentication, while properly handling session tokens.

For this, proper encryption using Argon2 and AES-256 and hashing using PBKDF2 was implemented starting at the registration phase, and used during authentication and database encryption, an approach taken by many password managers available today. The final product resulted in a gain of knowledge that I can carry into future work, as well as confidence that the authentication strategy implemented can be secure given the provided use case.

2026 and beyond...

Looking further into 2026, I plan to continue to develop projects with a focus on making it right. Doing so will only improve my knowledge of some potentially more complex concepts, will result in more polished products, and will build a foundation for future work. Once I'm comfortable doing so, it may be time to improve some of the strategies and approaches I take for making it fast.