When dealing with user information, it's essential to be mindful of best security practices in order to ensure that user information such as passwords is stored in a way that if your database is compromised, the user's bare passwords are not exposed in plain text. As shown in Chapter 3, Migrations, DAO, and Query Building, we're using the native PHP
password_verify() functions to encrypt and decrypt our users' passwords. While these standards are easy to use, in the development of your application, you may find it easier to take advantage of the Yii2 security component used to hash user passwords and for the encryption of sensitive data:
With Yii2, ...