Pepper will provide an additional layer of protection. Unlike salt, pepper will remain the same for all the hashes and it will not be exposed and kept as a secret, probably somewhere in the configuration file of the app. The con of using pepper is long term maintenance. If pepper for some reason will be compromised or you decide to change it, all the passwords, hashed with pepper, will be invalid and require to change. I guess most of the time hashing with salt provides a great balance between security and convenience :)
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
What do you think about adding pepper too?
Pepper will provide an additional layer of protection. Unlike salt, pepper will remain the same for all the hashes and it will not be exposed and kept as a secret, probably somewhere in the configuration file of the app. The con of using pepper is long term maintenance. If pepper for some reason will be compromised or you decide to change it, all the passwords, hashed with pepper, will be invalid and require to change. I guess most of the time hashing with salt provides a great balance between security and convenience :)