In times of leaked passwords, we want to give a reassuring message about the security of your login information in Cortexio: It is very good.
At Cortexio, we use bcrypt , https://en.wikipedia.org/wiki/Bcrypt , to hash and salt your password. Your password is converted to a text in the following format: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy before saving it to the database. We do not save your password in plain text anywhere. A unique, server-generated, text (salt) is added to your password before it is encrypted. This makes it impossible to recover your password from a database dump. To make sure that you log in with the correct password, a similar encryption call is run at login.
Hopefully, more web services will take their responsibility when it comes to storing passwords correctly so we won’t have to worry about such leaks in the future.