5 simple rules for securely storing passwords

Far too frequently, systems are hacked and their user databases are compromised. And there are far too many cases where the database contains plain text passwords, poorly hashed passwords, or two-way encrypted passwords, despite the wealth of resources available on how to properly store user credentials. And it’s not just legacy databases; just this week, I saw a Reddit thread with at least one developer advocating custom hashing functions and “security through obscurity”.
