Securing user passwords is an important part of any web application that provides an identity management service. When it comes to managing passwords, it's crucial to use the best practices and techniques available to minimize the chance of an attacker gaining access to them.
We have recently adopted the Bcrypt algorithm as a one-way digest for creating password hashes. Bcrypt was designed as a password hashing function by Niels Provos and David Mazières and is based on the Blowfish cipher.
This algorithm aims to make it computationally infeasible for an attacker, even a professional one using non-PC hardware (e.g. GPUs), to recover passwords from their hashes, because the hashing mechanism is intentionally very slow.
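Bcrypt's intentional slowness is set by a cost factor stored inside every hash string, so a password store can be audited for weak or legacy records without knowing any password. The following is an added example, not code from the original page: the function names and the `MIN_COST` threshold are assumptions, and the sample records are constructed.

```python
import re

# bcrypt modular crypt format: $<variant>$<2-digit cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")
MIN_COST = 12  # assumed policy threshold, not a value from the page


def parse_bcrypt(stored: str) -> dict:
    """Split a stored bcrypt string into its fields without touching the password."""
    m = BCRYPT_RE.fullmatch(stored)
    if m is None:
        raise ValueError("not a bcrypt hash")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:  # range of cost values bcrypt accepts
        raise ValueError(f"cost {cost} out of range")
    # The key setup loop runs 2**cost times, so each +1 doubles the time per guess.
    return {"variant": m.group(1), "cost": cost, "iterations": 1 << cost}


def needs_rehash(stored: str, min_cost: int = MIN_COST) -> bool:
    """True if the record should be re-hashed at the user's next successful login."""
    try:
        return parse_bcrypt(stored)["cost"] < min_cost
    except ValueError:
        return True  # legacy or malformed digest: not a bcrypt record at all


def audit(records: dict, min_cost: int = MIN_COST) -> dict:
    """Map each account to 'ok', 'weak-cost' or 'not-bcrypt'."""
    report = {}
    for user, stored in records.items():
        try:
            cost = parse_bcrypt(stored)["cost"]
            report[user] = "ok" if cost >= min_cost else "weak-cost"
        except ValueError:
            report[user] = "not-bcrypt"
    return report


# Constructed sample records (filler characters, not real password hashes).
SAMPLE = {
    "alice": "$2b$12$" + "A" * 22 + "B" * 31,
    "bob": "$2a$06$" + "C" * 22 + "D" * 31,
    "carol": "0123456789abcdef" * 2,  # shape of a legacy unsalted hex digest
}

if __name__ == "__main__":
    for user, verdict in audit(SAMPLE).items():
        print(user, verdict)
```

Records flagged `weak-cost` or `not-bcrypt` can only be upgraded when the user next logs in, since the plaintext password is needed to compute the new hash.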