Proper password handling for login

Posted by piers on Pro Webmasters
Published on 2012-06-02T11:45:57Z Indexed on 2012/06/03 22:47 UTC

I have read a lot about PHP login security recently, but many questions on Stack Overflow regarding security are outdated.

I understand bcrypt is one of the best ways of hashing passwords today. However, for my site, I believe sha512 will do very well, at least to begin with. (I mean bcrypt is for bigger sites, sites that require high security, right?)

I'm also wondering about salting. Is it necessary for every password to have its own unique salt? Should I have one field for the salt and one for the password in my database table? What would be a decent salt today? Should I join the username together with the password and add a random word/letter/special character combination to it?

Thanks for your help!
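
The salting and storage questions above, worked through as an added example that is not part of the original post: PHP's built-in `password_hash()` and `password_verify()` (PHP 5.5 and later) generate a random salt per password and keep it inside the hash string, so one database column is enough. The helper names, the cost of 12 and the sample passwords are assumptions made for illustration; the array destructuring needs PHP 7.1 or later.

```php
<?php
declare(strict_types=1);

const BCRYPT_COST = 12; // assumed work factor; tune to your hardware

// Hash a new password. password_hash() draws a fresh random salt on every
// call and embeds algorithm, cost and salt in the returned string, so a
// single column (VARCHAR(255) is a safe width) holds everything needed.
// Note: bcrypt only uses the first 72 bytes of the password.
function hash_new_password(string $password): string
{
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

// Verify a login attempt. Returns [bool $ok, ?string $replacementHash];
// the second element is non-null when the stored hash uses older
// parameters and should be overwritten with the new value.
function check_login(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $stale = password_needs_rehash(
        $storedHash, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]
    );
    return [true, $stale ? hash_new_password($password) : null];
}

// Constructed sample data: two users who picked the same password.
$alice = hash_new_password('correct horse battery staple');
$bob   = hash_new_password('correct horse battery staple');

// Per-password salts make the two stored strings differ, so cracking one
// does not reveal every account that shares the password.
var_dump($alice === $bob);
var_dump(check_login('correct horse battery staple', $alice)[0]);
var_dump(check_login('wrong guess', $alice)[0]);

// A hash created at a lower cost still verifies and is flagged for upgrade.
$old = password_hash('hunter2', PASSWORD_BCRYPT, ['cost' => 10]);
[$ok, $newHash] = check_login('hunter2', $old);
var_dump($ok, $newHash !== null);
```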
