Storing passwords in plaintext #24
2br-2b started this conversation in Ideas for new Bad Practices
Replies: 2 comments
-
Agree. The plaintext passwords should be hashed with a strong hashing mechanism (e.g. Bcrypt) and salting techniques. Those might not be a 100% guaranteed protection, as some attacking techniques like rainbow tables can reverse the hashed passwords to plaintext ones.
-
Not requiring user names to be an email would be helpful. I like that the banks I use allow me to have a randomized user name in addition to the password.
-
Passwords on a server should be hashed and should not be stored in plaintext.
If a system storing plaintext passwords is breached and a user follows a different bad practice and reuses their passwords, then all systems with the same password have effectively been breached for that user.