diff --git a/README.md b/README.md
index 07a853321a5ef7179e1a7c13895d4eed67c416e5..37225b527b3d336556e0c7e542bb7388dcab3a00 100644
--- a/README.md
+++ b/README.md
@@ -37,15 +37,18 @@ In order to get the smtp working with Google's Gmail it is necessary to:
 - 3. Enable GMail API for your project. In the Platform's hamburger menu icon look for "APIs & Services > Enabled APIs & services", and click the ENABLE APIS AND SERVICES button. Then in the opening website, search for "GMail API" and enable it for your project.
 - 4. create OAUTH client id credentials for your project; see https://developers.google.com/workspace/guides/create-credentials . Here in step 6 "Add authorized URIs related to your app" select Server-side apps (Java, Python, .NET, and more) and add your teams azure website's http(s) address.
 - 5. Finally, the reason why not to use smtp to send emails: Go to https://myaccount.google.com/ (you should go to correct address when you press enter while you're signed in) and look/search for "less secure app access". Turn it ON.
-- 6. Create your first test admin. i.e., DO NOT SEND EMAIL TO YOUR MENTORS! There are different ways to do it explained in the code.
+- 6. Create your first test admin to receive email, i.e., DO NOT SEND EMAIL TO YOUR MENTORS! There are different ways to create the test admin explained in the code.
 - 7. then try running the code locally (it should succeed sending an email to your selected individual if that address has been included in your projects test users/email addresses.)
-- 8. then put the environmental variables both to your gitlab variables and to that correct place in azure.
+- 8. then put all the necessary environmental variables both to your gitlab variables ("Settings\CI/CD\Variables") and to your Azure project's "Application settings" in "Configuration". These variables include the FLASK_SECRET_KEY.
 
 ### Notes: 
     - You might get asked to add email addresses to your projects test users. Do add them.
     - You might have to go through some privacy concent creation on Google side. Fill them up!
-    - You need a test user who is an admin in your database (of users collection) with real email address to recieve emails
     - Since the code runs with "less secure app address" you can get emails from Google telling you to turn this setting off. Ignore, for now. 
+    - You did remember to set the website address of your project to the list of "Authorized redirect URIs", right?
+    - You need a test user who is an admin in your database (of users collection) with real email address to recieve emails
+    
+    - There are better ways to handle user authentication and authorization, for example authentication APIs and other 3rd party solutions that can improve the security of one's application. In industry it is preferred to defer the responsibility of user authentication and authorization to some 3rd party identity provider because it saves time, money, and resources in the long run.
 
 
 ## Translations with Flask-Babel
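Review bot: the new step 8 says the variables "include the FLASK_SECRET_KEY" but never lists the rest, so a reader cannot tell when both GitLab and Azure are fully configured. Please enumerate every variable the app reads. Since FLASK_SECRET_KEY signs Flask sessions, also say that it should be stored as a masked and protected CI/CD variable and must be a fresh random value per deployment, never one committed to the repository. The path "Settings\CI/CD\Variables" mixes backslashes with the slash in "CI/CD"; writing it as "Settings > CI/CD > Variables" matches the "APIs & Services > Enabled APIs & services" style used in step 3. In the Notes block, the added whitespace-only line splits the list and leaves trailing spaces, and the moved test-user note still carries the "recieve" typo, which is worth fixing while the line is being touched. Finally, the added note recommending a 3rd party identity provider sits next to step 5 and the "Ignore, for now" note, both of which keep "less secure app access" turned on. A sentence stating that this setting is a temporary workaround, to be replaced by the OAuth client credentials created in step 4, would keep the README from contradicting itself.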