

Hover secures passwords with bcrypt and adds ID verification - freejack
http://help.hover.com/2011/07/07/hover-secures-passwords-with-bcrypt-and-enhances-usability-with-identity-verification-tools/

======
freejack
The short form is that we pulled our plans ahead based on all the great
feedback we received this week and implemented exactly what we should have
done months ago. We used bcrypt. We used bcrypt. We used bcrypt. We used
bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We used bcrypt. We
used bcrypt.

The more complex piece is the identity verification tools we implemented. We
previously used passwords as a crutch to determine with some certainty if the
person on the other end of the phone was really the account holder. In
retrospect that was just dumb, and my fault and my team has reminded me of
that many times in the past 48 hours since the issue was initially raised
here.

So again, thanks for all the feedback and holding us to a high standard so
that we could get the the place where we should have been all along.

------
Rook
Good work folks! Nice choice on bcrypt :)

~~~
freejack
Thanks - there was really no discussion on that particular aspect of the
implementation :-)

------
joshontheweb
Glad you changed it up. Im a customer of Hover and wasn't happy with the
previous situation.

