by ryanlol
3776 days ago
>The way upgrade should work is that the user provides their password, which is verified with SHA-2 and then hashed with bcrypt and stored again.

Er no, forcing email password resets and blocking the old passwords is the only way you should ever handle breaches like this.

To the downvoter: do you think it's cool to fuck over every single one of your customers that hasn't logged in recently?