Products
Topics
Browse products through topics
Upcoming products
See what Makers are currently building
Collections
Products curated by the community
Time travel
Most loved products by the community
Newsletter
The best of Product Hunt, everyday
Web3
Keep up to date with the latest in web3
Community
Discussions
Ask questions, find support and connect
Stories
Tech news, interviews and tips from Makers
Makers Grant
Giving back and supporting our community
Events
Find the best tech events around the world
Changelog
Release notes from the Product Hunt team
Tools
Founder Club
Amazing deals to kickstart your startup
Ship
The toolkit made for Makers
Jobs
About
About us
Ambassadors
Careers
Apps
FAQs
Advertise
Post a job
Legal
  1. Discussions
  2.  → How many of us know exactly how users passwords are...

How many of us know exactly how users passwords are stored in your application 🤔

Devanand Premkumar
10 replies
Do you make use of any password hashing algorithms? If yes, what are they? 1. plain text 2. pbkdf2, 3. bcrypt, 4. scrypt, 5. argon2, 6. Balloon 7. others 8. Not sure Let us hear more about your password storage mechanism.

Replies

Jan Mazurek
IT specialist
Is option "plain text" is decilne of hashing algorithm, and should never be used?
Share
Devanand Premkumar
Security Researcher
@jan_mazurek Totally agree with you that plain text should never be used. However there are still very many applications making use of plaintext passwords. In the event of a data breach, that could turn potentially a disaster scenario.
Share
NeadReport
I came. I lurked. I commented.
I'm a former KeyPass and 1Password user. I now use Bitwarden and am very pleased with both PC and Mobile apps (as well as their Chrome extension). One of the reasons I moved to Bitwarden was its ease of use - with which my wife agreed. Here is Bitwarden's page where they discuss encryption methods as it relates to storing passwords and encrypting a user's 'vault'. https://bitwarden.com/help/artic... [To answer your question: pbkdf2]
Share
Devanand Premkumar
Security Researcher
@neadreport That is good to hear. As an end-user having awareness of password storage shows your interest in password security. Cheers
Share
Manan Kevadiya
For me, it 3rd option bcrypt.
Share
Devanand Premkumar
Security Researcher
@manan_kevadiya bcrypt is also my choice of password storage :)
Share
Deepak Gupta
Co-founder @LoginRadius, #developer
having passwords one-way hashed is critical to protect accounts. I don't think 'plain text' should be in the option anymore..:) PBKDF2 with unique salt and iterations is most secure. FYI: list of most commonly used algos: https://www.loginradius.com/docs...
Share
Devanand Premkumar
Security Researcher
@dip_ak Oh yes for sure, plain text passwords should never ever be used in any environment for sure. Considering the numerous data breaches hitting the media, it is always advisable to keep super sensitive data like passwords using safe and secure password hashes created exclusively for such.
Share
Ronak Kadhi
How about we eliminate password! I'm working on a product which will eliminate passwords for everyone. We are soon releasing the API for public so you can also onboard users hassle free and without the need to maintain any kind of database for passwords.
Share
Devanand Premkumar
Security Researcher
Happy to hear about your upcoming launch. Wishes in advance :) We are hearing talks about eliminating passwords for quite some time. We need something robust enough to handle all the daily day-to-day requirements. Think about the numerous applications and websites which are dependent on passwords. How do we migrate them to a password-less environment? How do we handle the lost password requirement for password-less tool/technique/process? Think big ,for this is an opportunity which has the potential to impact more people than what we can imagine.
Share