Encrypting and storing passwords correctly
One thing I have often seen is badly stored passwords. Just because the password is stored in a database on your server, does not make it secure. So what do badly stored passwords look like?
Secure passwords stored badly are no longer secure. The passwords in the previous screenshot are the actual user passwords. Entering the first password, ^tj_Y4$g1!8LkD
at the login screen will give the user access to the system. Passwords should be stored securely in the database. In fact, you need to employ salted password hashing. You should be able to encrypt the user's password, but never decrypt it.
So how do you ...
Get C# Programming Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.