suggestion: do not demonstrate storing a password in plain text

[kardianos]

Examples should often take extra steps to be correct. When demonstrating how to display an error message to the user:
https://github.com/Checkmarx/Go-SCP/blob/c3471ef24a7c2ca6a769457783f43c60712f087a/authentication-password-management/communicating-authentication-data.md

The password check is apparently stored in plain text. I would recommend returning fields called PasswordHash and Salt then doing some fake calls to verify that against the given password in the example.

[PauloASilva]

Hi @kardianos,
I do agree with your suggestion: including/returning names like PasswordHash and Salt makes sense to get readers as familiar with them as they are with common username and password ones.

We would be glad to accept a Pull Request from you, following the suggested approach, otherwise we will put it on our changes queue for the next release.

Thanks for sharing,
Paulo

[Jack64]

@kardianos @PauloASilva adjusted #31 to include a fix for this issue. Let me know if you think that's sufficiently clear or requires additional remarks.

[kardianos]

I find salt would give it more flavor.