Today I am going to show you how to secure your users' passwords in PHP.
– Don’t limit what characters users can enter for passwords. Only idiots do this.
– Don’t limit the length of a password. If your users want a sentence with supercalifragilisticexpialidocious in it, don’t prevent them from using it.
– Never store your user’s password in plain-text.
– Never email a password to your user *except when they have lost theirs, and you sent a temporary one.*
– Never, ever log passwords in any manner.
– Never hash passwords with SHA1 or MD5! Modern crackers can exceed 60 and 180 billion hashes/second (respectively).
– Use scrypt when you can; bcrypt if you cannot.
– Use PBKDF2 if you cannot use either bcrypt or scrypt, with SHA2 hashes.
– Reset everyone’s passwords when the database is compromised.
– Implement a reasonable 8-10…
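
The bcrypt and PBKDF2 items above, sketched in PHP as an added example that is not code from the original post. The function names, the bcrypt cost, the PBKDF2 iteration count and the SHA-384 pre-hash (used so that passwords longer than bcrypt's 72-byte input limit stay fully significant) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: function names, cost and iteration count are assumptions, not from the post.
const BCRYPT_OPTIONS = ['cost' => 12];
const PBKDF2_ITERATIONS = 600000;

// bcrypt reads only the first 72 bytes; pre-hashing keeps every byte of a long passphrase
// significant. Base64 of SHA-384 is 64 characters and never contains a NUL byte.
function prehash(string $password): string
{
    return base64_encode(hash('sha384', $password, true));
}

function hash_password(string $password): string
{
    return password_hash(prehash($password), PASSWORD_BCRYPT, BCRYPT_OPTIONS);
}

// Returns [ok, newHash]; newHash is non-null when the stored hash uses an outdated cost.
function verify_password(string $password, string $stored): array
{
    if (!password_verify(prehash($password), $stored)) {
        return [false, null];
    }
    $stale = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTIONS);
    return [true, $stale ? hash_password($password) : null];
}

// Fallback when bcrypt is unavailable: PBKDF2 over SHA-256 with a random per-user salt.
function pbkdf2_hash(string $password): string
{
    $salt = random_bytes(16);
    $key = hash_pbkdf2('sha256', $password, $salt, PBKDF2_ITERATIONS, 32, true);
    return 'pbkdf2-sha256$' . PBKDF2_ITERATIONS . '$' . base64_encode($salt) . '$' . base64_encode($key);
}

function pbkdf2_verify(string $password, string $stored): bool
{
    $p = explode('$', $stored);
    if (count($p) !== 4 || $p[0] !== 'pbkdf2-sha256' || (int) $p[1] < 1) {
        return false;
    }
    $key = hash_pbkdf2('sha256', $password, base64_decode($p[2]), (int) $p[1], 32, true);
    return hash_equals(base64_decode($p[3]), $key); // constant-time comparison
}

// Constructed sample input: a passphrase longer than 72 bytes.
$long = str_repeat('supercalifragilisticexpialidocious ', 3);
var_dump(verify_password($long, hash_password($long))[0]);
```

When `verify_password()` returns a new hash, store it in place of the old one so existing accounts move to the current cost at their next login.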