[Tutorial] How NOT To Store Your Users' Passwords
#4

Quote:
Originally Posted by Robin96
In addition to this guide I'd like to invite those who are interested to watch this video:

https://www.youtube.com/watch?v=8ZtInClXe1Q

Thanks for the contribution, great video and great idea to post it as the first comment.

Quote:
Originally Posted by RogueDrifter
You're still storing them, so this should've been like How to use a proper way of storing passwords by salting hashing or using an existing plugin.

Yes, of course in the end you will have to store them, but I wanted to say something more like "the ways that you must not use when storing your users' passwords".

Quote:
Originally Posted by Y_Less
This actually isn’t a good idea. The trend in passwords is towards things that are hard for people to remember, but really easy for computers to guess, since they literally don’t care about the difference between S and $. Meanwhile people will try and meet the requirements in the simplest way possible, with something like p4S$word - and they all think they’re really clever because they used @ instead of a, which is not clever at all and all the good crackers know about literally every replacement scheme. A MUCH better scheme (known as “correct horse battery staple”) is to have the user select four random words (there are services for this, but they tend to use a reduced word set - just flick through a dictionary, or get a word from the back of a shampoo bottle or something):

glossy lock pillar stinky


VASTLY easier to remember, and VASTLY harder to crack.

See the XKCD comic that introduced it:

https://www.xkcd.com/936/

Thanks. I think that what you posted is the perfect way to select a password, and if I remember correctly my teacher one day talked about this. I updated my post with more correct information.
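The two points from the quoted post (substitutions do not hide a common password, and random words add entropy with every word), as an added Python example that is not part of the thread. The `COMMON` and `WORDS` lists and all function names are constructed for illustration; a real check would use a large breached-password list and a large word list.

```python
import math
import secrets

# Constructed sample data (assumptions, not from the thread).
COMMON = {"password", "letmein", "qwerty", "dragon"}
WORDS = ["glossy", "lock", "pillar", "stinky", "correct", "horse", "battery",
         "staple", "window", "marble", "cactus", "violin", "harbor", "pepper",
         "tunnel", "saddle"]

# Common character substitutions, mapped back to the letter they stand for.
LEET = str.maketrans({"4": "a", "@": "a", "$": "s", "5": "s", "0": "o",
                      "3": "e", "1": "i", "!": "i", "7": "t"})


def normalize(password: str) -> str:
    """Undo case changes and common substitutions before any list lookup."""
    return password.lower().translate(LEET)


def is_disguised_common(password: str) -> bool:
    """True if the password is a known-weak one hidden behind substitutions."""
    return normalize(password) in COMMON


def passphrase_bits(n_words: int, list_size: int) -> float:
    """Entropy in bits of n words drawn uniformly at random from the list."""
    return n_words * math.log2(list_size)


def make_passphrase(n_words: int = 4, words=WORDS) -> str:
    """Pick the words with a CSPRNG so the entropy estimate actually holds."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


if __name__ == "__main__":
    # A registration check would reject this despite mixed case and symbols.
    print("p4S$word rejected:", is_disguised_common("p4S$word"))
    # Four words from a 2048-word list (11 bits per word).
    print("bits:", passphrase_bits(4, 2048))
    # The 16-word sample list gives only 4 bits per word; use a large list.
    print("sample:", make_passphrase())
```
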


Messages In This Thread
How NOT To Store Your Users' Passwords - by Sasino97 - 27.06.2018, 13:11
Re: How NOT To Store Your Users' Passwords - by Robin96 - 27.06.2018, 13:28
Re: How NOT To Store Your Users' Passwords - by RogueDrifter - 27.06.2018, 13:33
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 27.06.2018, 14:30
Re: How NOT To Store Your Users' Passwords - by Uproar - 27.06.2018, 14:42
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 27.06.2018, 15:31
Re: How NOT To Store Your Users' Passwords - by jlalt - 27.06.2018, 15:39
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 27.06.2018, 15:58
Re: How NOT To Store Your Users' Passwords - by Riddick94 - 27.06.2018, 17:22
Re: How NOT To Store Your Users' Passwords - by Freaksken - 27.06.2018, 17:55
Re: How NOT To Store Your Users' Passwords - by Mobtiesgangsa - 27.06.2018, 22:36
Re: How NOT To Store Your Users' Passwords - by Garr - 27.06.2018, 23:59
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 28.06.2018, 07:27
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 28.06.2018, 09:09
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 28.06.2018, 09:24
Re: How NOT To Store Your Users' Passwords - by Y_Less - 28.06.2018, 09:27
Re: How NOT To Store Your Users' Passwords - by Sasino97 - 28.06.2018, 09:47
Re: How NOT To Store Your Users' Passwords - by Riddick94 - 28.06.2018, 10:07
Re: How NOT To Store Your Users' Passwords - by [HLF]Southclaw - 28.06.2018, 10:13
Re: How NOT To Store Your Users' Passwords - by Y_Less - 28.06.2018, 13:37
