Nowadays, most big paid forum software (vBulletin, IPS, XenForo, WoltLab), including open source ones like phpBB3, have adopted the new powerful authentication
using bcrypt, with the exception of MODX CMS, which uses PBKDF2 as far as I know, due to supporting those new technologies while I was developing an identical authentication
bridge to allow the existing administrators of those forums/CMSs to install a multiplayer open source game in which users retain their existing user/password
to access the game. With the new approach, OAuth like fb/Google and the like, I no longer need to mimic those authentication steps but rather delegate to the host owner
to do the job. There are other, stronger authentication methods like two-factor authentication, making it harder to hack.
Trying to get user/password in one single place, so as not to have to remember which account/password goes with which site, sounds like the ideal thing to do, at least
for me.
Passwords will probably not die in the long run, since you will always need them to verify that you really are who you say you are for whatever transaction processing. My guess is that changing
them often will make them more secure and is probably a wise thing to do. Until these new algorithms are no longer safe, there will always be new ones to come out. Guess the future will tell.