Passwords are hashed with crypt, which is -- in this day and age -- extremely insecure.
It should be replaced with bcrypt and some sort of upgrade procedure should be put in place to auto-upgrade passwords to bcrypt hashing when users log in.
For users that don't log in regularly, we should consider whether simply to invalidate their passwords in some way that avoids a brute force attack but allows a user to recover and set a bcrypt hashed password.
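The upgrade-on-login and invalidation steps proposed in this issue, sketched in Python as an added example (not code from this project). `Account`, `login`, `invalidate_dormant` and the `RESET_REQUIRED` sentinel are hypothetical names, and `legacy_crypt` is assumed to follow the crypt(password, salt) convention in which passing the stored hash as the salt reproduces it for the correct password.

```python
import hmac
from dataclasses import dataclass
from typing import Callable

RESET_REQUIRED = "!reset-required"  # constructed sentinel; no hash function can produce it
BCRYPT_PREFIXES = ("$2a$", "$2b$", "$2y$")

def bcrypt_hash(password: str) -> str:
    import bcrypt  # third-party "bcrypt" package; bcrypt's input limit is 72 bytes
    return bcrypt.hashpw(password.encode(), bcrypt.gensalt(rounds=12)).decode()

def bcrypt_verify(password: str, stored: str) -> bool:
    import bcrypt
    return bcrypt.checkpw(password.encode(), stored.encode())

@dataclass
class Account:  # hypothetical user record
    name: str
    pw_hash: str  # legacy crypt string, bcrypt string, or RESET_REQUIRED

def login(acct: Account, password: str,
          legacy_crypt: Callable[[str, str], str],
          new_hash=bcrypt_hash, new_verify=bcrypt_verify) -> str:
    """Return 'ok', 'upgraded', 'denied' or 'reset-required'."""
    stored = acct.pw_hash
    if stored == RESET_REQUIRED:
        return "reset-required"  # no password can match; send the user to recovery
    if stored.startswith(BCRYPT_PREFIXES):
        return "ok" if new_verify(password, stored) else "denied"
    # Legacy path: crypt(password, stored) equals stored only for the right password.
    candidate = legacy_crypt(password, stored)
    if not hmac.compare_digest(candidate.encode(), stored.encode()):
        return "denied"
    # The plaintext is only available at this moment: rehash and overwrite.
    acct.pw_hash = new_hash(password)
    return "upgraded"

def invalidate_dormant(accounts, is_dormant) -> int:
    """Replace legacy hashes of dormant accounts with the sentinel; return the count."""
    count = 0
    for acct in accounts:
        legacy = not acct.pw_hash.startswith(BCRYPT_PREFIXES)
        if is_dormant(acct) and legacy and acct.pw_hash != RESET_REQUIRED:
            acct.pw_hash = RESET_REQUIRED  # the weak hash is no longer stored anywhere
            count += 1
    return count
```

The caller is responsible for persisting `acct.pw_hash` after an `'upgraded'` result and for routing `'reset-required'` to the existing password recovery flow.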