Software Engineer
hardsecure-password-storage
How should passwords be stored securely?
Answer
Never store plaintext passwords.
**Best practice:**
- Use a slow, adaptive password hash such as **Argon2id** (or bcrypt/scrypt) rather than a fast general-purpose hash like SHA-256.
- Use a unique, random **salt** per password (most password-hashing libraries generate and store one automatically).
- Optionally add a **pepper**: a secret kept separately from the password database.
- Enforce MFA and rate limits on login.
Store only the data you actually need, and log authentication events without including sensitive data (never the password itself).
Related Topics
Security, Authentication, Best Practices