Is storing passwords with bcrypt enough?5 days ago
I'm building a login system and currently hashing passwords with bcrypt. Just wondering if that’s secure enough these days.
Answers (3)
Harun Ndogo5 days ago
Don’t forget to use HTTPS — hashed or not, credentials shouldn’t be sent in plain text.
Harun Ndogo5 days ago
Also implement rate limiting and lockouts for brute force protection.
Harun Ndogo5 days ago
Yes, bcrypt is still standard. Use a strong cost factor (at least 12).