
I'm trying to improve my login system and make it more secure.

$hashed_pass = password_hash($pass, PASSWORD_BCRYPT);

Is this function the best way to safely store passwords and other information in the database?

CLAbeel
KyiKyi
  • Yes, for passwords. What "other information"? If you need to be able to get the original data you need to encrypt, not hash. Also hopefully using parameterized queries. – user3783243 Aug 07 '18 at 15:09
  • The only winning move is not to play. Enable social sign-in (i.e. with google and/or facebook) and make password storage someone else's problem – apokryfos Aug 07 '18 at 15:15
  • @apokryfos Because that is entirely devoid of problems and will never ever fail or present any sort of inconvenience. ;-P – deceze Aug 07 '18 at 15:31
  • @deceze of course it can fail, but it probably isn't going to be your fault :P – apokryfos Aug 07 '18 at 15:36
  • @apokryfos thanks for the edit, you were "spot on" ;-) *Cheers* – Funk Forty Niner Aug 07 '18 at 15:43

1 Answer


Is this function the best way to safely store passwords and other information in the database?

Yes, it is safe to use. However, if you're looking for something even more powerful and your server supports it, you can use Argon2.

Reference links are:

However, using a custom salt has been deprecated in PHP 7.0.0.

Warning: The salt option has been deprecated as of PHP 7.0.0. It is now preferred to simply use the salt that is generated by default.

apokryfos
Funk Forty Niner
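How the answer's points fit into a login flow, as an added example that is not part of the original question or answer: hashing without a custom salt, verifying at login, and moving existing bcrypt hashes to Argon2 when the PHP build supports it. The function names and the sample password are hypothetical; database reads and writes are left to the caller.

```php
<?php
// Pick the strongest algorithm this PHP build offers. PASSWORD_ARGON2ID is
// defined only when PHP (7.3+) was built with Argon2 support; otherwise
// fall back to bcrypt, which is what the question already uses.
function preferred_algo()
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

// Registration: no 'salt' option is passed, so password_hash() generates a
// random salt and embeds it (with the algorithm and cost) in the result.
// Store the whole string; a 255-character column leaves room for future algorithms.
function hash_new_password(string $password): string
{
    return password_hash($password, preferred_algo());
}

// Login: returns [bool $ok, ?string $replacementHash].
// $replacementHash is non-null when the stored hash was made with an older
// algorithm or cost and should be overwritten in the database.
function check_login(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $replacement = null;
    if (password_needs_rehash($storedHash, preferred_algo())) {
        // The plaintext is only available at this moment, so upgrade now.
        $replacement = hash_new_password($password);
    }
    return [true, $replacement];
}

// Constructed sample: a hash created earlier with bcrypt, as in the question.
$stored = password_hash('correct horse battery staple', PASSWORD_BCRYPT);

[$ok, $replacement] = check_login('correct horse battery staple', $stored);
echo 'login ok: ', var_export($ok, true), PHP_EOL;
echo 'hash upgraded: ', var_export($replacement !== null, true), PHP_EOL;

[$ok, ] = check_login('wrong password', $stored);
echo 'wrong password accepted: ', var_export($ok, true), PHP_EOL;
```

With bcrypt, PHP truncates the password to 72 bytes before hashing, which is one practical difference from Argon2.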