Weak password hashing has severe consequences in a data breach: a fast, general-purpose hash such as MD5 or SHA-1 can be brute-forced offline at very high speed, so the attacker recovers the users' actual passwords rather than a pile of useless digests.
Therefore you need a strong, deliberately slow password hashing scheme. Bcrypt is a good choice, and PHP offers it out of the box through password_hash() (whose PASSWORD_DEFAULT is currently bcrypt) and password_verify():
- https://www.php.net/manual/en/function.password-hash.php
- https://www.php.net/manual/en/function.password-verify.php
But what if you inherited bad code and bad password storage: how do you migrate the existing hashes to a good scheme? Since you cannot convert a stored hash without the plaintext, the migration happens at login time: verify the submitted password against the legacy hash and, on success, replace it with a password_hash() of the same password.
For that, read Akrabat's blog: https://akrabat.com/migrating-to-password_verify/
I am in a position where I have inherited bad code and need to fix it. Akrabat's solution seems a good one for me.
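To make the login-time migration concrete, here is an added example of my own; it is not code from this post or from Akrabat's blog. It assumes the inherited application stored unsalted MD5 hex digests (a common bad scheme); the isLegacyHash() and verifyLegacy() helpers are hypothetical and must be adapted to whatever the legacy code really did. On a successful login against a legacy hash the function returns a fresh bcrypt hash that the caller persists; on later logins password_needs_rehash() keeps the stored hash current if the cost policy changes.

```php
<?php
declare(strict_types=1);

// Added example, not code from the post or from Akrabat's blog.
// Assumption: legacy rows hold md5($password) as 32 lowercase hex chars.
// bcrypt strings from password_hash() start with "$2y$", so the two
// formats cannot be confused.
const LEGACY_MD5_RE = '/^[0-9a-f]{32}$/i';

/** Hash a new or changed password with PHP's current default (bcrypt). */
function hashPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/** True if the stored value is an old MD5 digest rather than a password_hash() string. */
function isLegacyHash(string $stored): bool
{
    return preg_match(LEGACY_MD5_RE, $stored) === 1;
}

/** Constant-time comparison against the legacy digest (hypothetical legacy scheme). */
function verifyLegacy(string $password, string $stored): bool
{
    return hash_equals(strtolower($stored), md5($password));
}

/**
 * Check a login attempt. Returns null on failure, otherwise the hash that
 * should now be stored for the user. When the returned string differs from
 * $stored, the caller must write it back: that is the migration step.
 */
function verifyAndUpgrade(string $password, string $stored): ?string
{
    if (isLegacyHash($stored)) {
        if (!verifyLegacy($password, $stored)) {
            return null;
        }
        // Correct password: we now hold the plaintext, so rehash with bcrypt.
        return hashPassword($password);
    }

    if (!password_verify($password, $stored)) {
        return null;
    }

    // Already bcrypt: rehash only if the algorithm or cost policy has changed.
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        return hashPassword($password);
    }
    return $stored;
}

function check(bool $ok, string $what): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $what");
    }
}

// Constructed demo row: a user whose password "correct horse" was stored as md5().
$stored = md5('correct horse');

check(verifyAndUpgrade('wrong password', $stored) === null, 'wrong password rejected');

$newHash = verifyAndUpgrade('correct horse', $stored);
check($newHash !== null && !isLegacyHash($newHash), 'legacy row upgraded');
check(password_verify('correct horse', $newHash), 'new hash verifies');

// Second login against the bcrypt hash: no needless rehash.
check(verifyAndUpgrade('correct horse', $newHash) === $newHash, 'bcrypt row kept');
check(verifyAndUpgrade('wrong password', $newHash) === null, 'bcrypt rejects wrong password');

echo "migration flow ok\n";
```

Two caveats a practitioner should keep in mind. First, the upgrade only happens for accounts that log in again, so the legacy digests of dormant users stay in the database indefinitely; set a deadline after which remaining legacy rows are invalidated and those users must reset their password. Second, the legacy check must remain constant-time (hash_equals above) and must not leak which scheme a given account uses, for example through different error messages or timing.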