Mike Wass
Former TLOPO Developer
I am posting this thread in light of the recent leak of a similar project's password database. If you are a user who tends to use the same password multiple times, please change your password. It is a security risk for yourself, along with anywhere you have an account with elevated privileges.
As Tom Scott says in the below video, at some point when you are doing web-based projects, you will need to store passwords... and it is very easy to screw up. It is up to date, and explains three ways to NOT store passwords. The other project stored them in plaintext, meaning your raw password was left in the database for anyone to see.
View: https://www.youtube.com/watch?v=8ZtInClXe1Q
The best way to store passwords at the time of this publishing is hashing and salting, which is briefly explained in the above video.
This article is worth the read: https://paragonie.com/blog/2016/02/how-safely-store-password-in-2016
All of the above links explain all of what you need to know to store passwords safely on any web project.