Jeff Atwood: …storing plaintext passwords in the database is strictly forbidden—that there’s a better way, starting with basic hashes. Hashing the passwords prevents plaintext exposure, but it also means you’ll be vulnerable to the astonishingly effective rainbow table attack I documented last week. Hashes alone are better than plain text, but barely. It’s not enough … Continue reading Storing Passwords