

Stop storing passwords already - intull
http://thatextramile.be/blog/2012/01/stop-storing-passwords-already

======
pllbnk
The big problem is that developers who care are most likely already storing
password securely, except for those who for some reasons have to battle
various corporate rules. And those who don't care, most of them will not start
caring because they have more pressing matters at hand than their company's
security.

~~~
krapp
I don't think it's necessarily that clear cut - the big problem is the lack of
knowledge that encryption isn't good enough. There are probably plenty of
developers who do care, and aren't aware that the clever algorithm they're
using with the key hard-coded in the source code may not be 'secure.' And of
the set who know that hashing !== encryption, probably a lot of them (at least
in PHP land) will be told to just use md5.

------
crk111
Isn't the article too old?

