Thanks for this concise and valid guide to hashing passwords for storage 🙏
I would like to add that along with a secure storage mechanism, managing passwords (and thus access to your service) locally also needs a well-thought-out set of password reset and recovery flows, possibly involving call centre humans and other factors outside the software. The majority of access control failings are due to these processes being easier to attack (e.g. via social engineering) than the technology.