Quote (Mastersam93 @ Aug 28 2017 05:11am)
If you really want to secure passwords properly, salt them and use a key stretching hashing algorithm like bcrypt to protect against rainbow tables and brute force respectively.
But using https is fine.
You missed my point. My point is that using https isn't secure if you're sending the password. Like you and the article I posted earlier state, you should be using a hashing algorithm / hmac.
Quote (nuvo @ Aug 27 2017 04:58pm)
Guess how you login to most services, websites etc.
Unless they employ certificates for login, but honestly outside of very enterprisey stuff I have never ever seen this.
Most websites have poor security. That doesn't mean you should too.