How securely do they store user passwords & how good are they at letting us know?
@PasswordStorage • Rating guide
Params: cost=10
cost=10
Full algorithm: AES-256-CBC(bcrypt(password))
AES-256-CBC(bcrypt(password))
Disclosures:
A slow hashing function is used but such info is "invisible", hidden in a blog post or a talk, or on social media.
Recommended change: Publish storage and hashing info details visibly (e.g. in the docs or FAQ), then let me know.