How can I store my users' passwords safely?

长发绾君心 2020-11-21 23:37

How much more safe is this than plain MD5? I've just started looking into password security. I'm pretty new to PHP.

$salt = 'csdnfgksdgojnmfnb';

$passwo         


        
6 Answers
  •  醉话见心
    2020-11-22 00:01

    I want to add:

    • Don't limit users' passwords by length

    For compatibility with old systems, a limit is often set on the maximum length of the password. This is a bad security policy: if you set a restriction, set it only for the minimum length of passwords.

    • Don't send user passwords via email

    To recover a forgotten password, you should send the address at which the user can change the password.

    • Update the hashes of users' passwords

    The password hash may be out of date (parameters of the algorithm may be updated). You can check this by using the function password_needs_rehash().
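
An added example (not part of the answer above or of the original post) of the rehash-on-login pattern that password_needs_rehash() supports: the hash is upgraded at the only moment the plaintext is available, right after a successful password_verify(). The $users array, the login() helper and the cost values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Current hashing policy (assumed values for this example); raise the cost over time.
const HASH_ALGO    = PASSWORD_BCRYPT;
const HASH_OPTIONS = ['cost' => 12];

/**
 * Verify a login and transparently upgrade an outdated hash.
 * $users is a hypothetical in-memory store (username => stored hash)
 * standing in for the application's user table.
 */
function login(array &$users, string $username, string $password): bool
{
    $stored = $users[$username] ?? null;
    if ($stored === null || !password_verify($password, $stored)) {
        return false; // unknown user or wrong password: stored hash is left untouched
    }

    // The stored hash was produced under an older algorithm or cost:
    // re-hash with the current policy while the plaintext is still in hand.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTIONS)) {
        $users[$username] = password_hash($password, HASH_ALGO, HASH_OPTIONS);
    }
    return true;
}

// Constructed sample account whose hash was created under an older, cheaper policy.
$users = [
    'alice' => password_hash('correct horse battery staple', PASSWORD_BCRYPT, ['cost' => 10]),
];

$before = password_get_info($users['alice'])['options']['cost'];

var_dump(login($users, 'alice', 'wrong password'));               // rejected login
var_dump(login($users, 'alice', 'correct horse battery staple')); // accepted login, triggers rehash

$after = password_get_info($users['alice'])['options']['cost'];
printf("cost before: %d, cost after: %d\n", $before, $after);
```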
