What best practice should be followed when storing hashed passwords in a database using PHP?

When storing hashed passwords in a database using PHP, it is best practice to use a strong hashing algorithm like bcrypt and also include a unique salt for each password to increase security. This helps protect user passwords in case of a data breach.

// Generate a random salt
$salt = bin2hex(random_bytes(16));

// Hash the password with bcrypt and the salt
$hashed_password = password_hash($password . $salt, PASSWORD_BCRYPT);

// Store the hashed password and salt in the database
$stmt = $pdo-&gt;prepare(&quot;INSERT INTO users (username, password, salt) VALUES (?, ?, ?)&quot;);
$stmt-&gt;execute([$username, $hashed_password, $salt]);

Keywords

password hashing password_hash password_verify bcrypt salting

What best practice should be followed when storing hashed passwords in a database using PHP?

Keywords

Related Questions