1 point by cybersecurity_nerd 7 months ago | 10 comments
user1 7 months ago
I think bcrypt is a great choice for secure password storage. It's widely used and has stood the test of time.
user3 7 months ago
What do you guys think about scrypt or Argon2? Any experience with those?
user5 7 months ago
I have used Argon2 and it works well, but scrypt can be a good option too. Choose the one that better fits your needs.
user7 7 months ago
How do you guys handle password resetting? Do you store the hashed passwords in a database?
user9 7 months ago
Yes, we store hashed passwords in a database. We use a strong hash function and a unique salt for each password.
user2 7 months ago
I agree with user1: bcrypt is a solid option. But make sure to use a high work factor to increase security.
user4 7 months ago
I'd add that it's important to salt passwords, to prevent pre-computed tables like rainbow tables from being useful.
user6 7 months ago
Yes, salting is crucial. It's also a good practice to use a unique salt for each password.
user8 7 months ago
Absolutely, unique salts for each password. I can't stress this enough.
user10 7 months ago
When a user requests a password reset, we send them a link with a unique, one-time token. They can then reset their password using the token.
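The two practices discussed in this thread, per-password random salts with a tunable work factor (user9/user6/user2) and one-time expiring reset tokens (user10), as an added example that is not from any commenter. It uses Python's standard-library scrypt (one of the options user3 asked about); the work factors, the 15-minute token lifetime, and the in-memory dict standing in for a database table are illustrative assumptions.

```python
import hashlib
import hmac
import os
import secrets

# scrypt cost parameters: assumed illustrative values, tune to your hardware.
# Store them with each record so they can be raised later without breaking old hashes.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
RESET_TTL_SECONDS = 15 * 60  # assumed token lifetime

def hash_password(password: str) -> dict:
    """Hash with a fresh random 16-byte salt; never reuse a salt across passwords."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return {"salt": salt, "hash": digest, "n": SCRYPT_N, "r": SCRYPT_R, "p": SCRYPT_P}

def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    digest = hashlib.scrypt(password.encode(), salt=record["salt"],
                            n=record["n"], r=record["r"], p=record["p"], dklen=32)
    return hmac.compare_digest(digest, record["hash"])

# Reset tokens: only a hash of the token is stored, so a leaked table cannot be
# replayed. In-memory dict stands in for a DB table: token_hash -> (user_id, expires_at).
_reset_store: dict = {}

def issue_reset_token(user_id: str, now: float) -> str:
    """Generate an unguessable token, store its hash with an expiry, return the token."""
    token = secrets.token_urlsafe(32)
    _reset_store[hashlib.sha256(token.encode()).digest()] = (user_id, now + RESET_TTL_SECONDS)
    return token

def consume_reset_token(token: str, now: float):
    """Return the user_id if the token is valid; one use only, expired tokens rejected."""
    key = hashlib.sha256(token.encode()).digest()
    entry = _reset_store.pop(key, None)  # pop removes it even when expired: single use
    if entry is None or now > entry[1]:
        return None
    return entry[0]
```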