Security is hard. That’s not a secret. Defenders need to be perfect; attackers only need to find one mistake. That said, there’s a lot you can do to improve your company’s security.

User Credentials

Store your users' passwords for your site responsibly. This means using PBKDF2 (with a high iteration count), bcrypt, or scrypt. There’s no reason for you to use anything else.

Offer two-factor authentication for your users. If your product is for teams, make it easy for administrators to ch...