One of the very first things I learned from Trung as a web developer is to salt and hash passwords before storing them in the database. This means that even if my database is compromised, all my users’ passwords are “safe”, because only the salted hashes are stored, never the passwords themselves. In fact, it also means I never actually know what my users’ passwords are, which is how it is supposed to be.
But I am always surprised when I find that big internet companies do not implement this common practice. So far I have found two:
- Media Temple
- Who’s next??
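What “salt and hash before storing” looks like in practice, as an added example that is not from the original post: a fresh random salt per password, a slow key-derivation function (PBKDF2-HMAC-SHA256 here; the iteration count and the `algo$iters$salt$hash` record format are my assumptions), and constant-time comparison on login.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the post): 16-byte random salt, a deliberately
# high iteration count so brute force is slow, and a self-describing record
# "pbkdf2_sha256$<iterations>$<salt hex>$<digest hex>" stored in the database.
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a salted hash and return the record to store in place of the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # new random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Because the salt differs per user, two users with the same password get
    # different records, so a leaked table cannot be cracked with one lookup table.
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iterations; never store or log the password."""
    try:
        algo, iters, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False  # malformed record: treat as a failed login, do not crash
    if algo != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time compare so timing differences do not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")  # constructed sample password
    print(record)                                            # only this goes in the DB
    print(verify_password("correct horse battery staple", record))  # True
    print(verify_password("wrong password", record))                # False
```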