- If you are storing passwords in a database, use bcrypt, scrypt, or Argon2.
- If you insist on using MD5 or SHA algorithms to hash password at a minimum use a salt.
- One goal when thinking of the hashing algorithm is to make it extremely difficult and time consuming for a threat actor to brute-force your password(s).
- Make 2FA mandatory.
i0bj/hash-matcher
Tool that matches specified hash against a list of passwords that may have the same hash value. If the hash is found in the list the corresponding password is given.
GoMIT