Password-storing theory

We did not spend any time on why we chose PBKDF2 as our password-storing function. We will step through the different levels of password security and explain why we did not choose the other methods.

First up is clear text passwords. It should be obvious why this is a bad security practice. If attackers ever get your database, they have every user's username and password without doing any work. Most users reuse passwords, so this could give the attackers access to many people's Facebook, Gmail, and even bank accounts. Never do this, especially when doing it correctly is very easy.

The next step up in storing passwords is using a hash function. A couple of popular functions are MD5 and SHA-256. These functions will ...
