DEV Community

Discussion on: Learn to protect passwords with Bcrypt hash in a few minutes

Phil Ashby

Thanks for this concise and valid guide to hashing passwords for storage 🙏

I would like to add that along with a secure storage mechanism, managing passwords (and thus access to your service) locally also needs a well-thought-out set of password reset and recovery flows, possibly involving call centre humans and other factors outside the software. The majority of access control failings are due to these processes being easier to attack (e.g. via social engineering) than the technology.