CodyTVWeber
commented
3 weeks ago I am thinking this could be optional step, but highly recommended for security. This is because pretty much all websites are going to be hacked sooner or later. But if hackers get salted-hashed passwords, it is practically useless from what I understand.
A method for hardening your users' credentials during a leak is to also salt the hashed passwords. This will harden your hashes against hackers trying figure out passwords of users by comparing the non-salted hashes against a rainbow table.