Implementation Notes on BCrypt Authenticator
These are some implementation notes on the BCrypt Authenticator and the security properties that follow from them.
- The login form accepts the user's password as plain text, so the password crosses the network in the clear unless the connection itself is encrypted. Serve the login form and the endpoint it posts to over TLS (HTTPS; historically called SSL) so the password is not exposed on the network.
- The salt is a unique one-time value. Each time a password hash is generated, a new random salt is generated and used only for that hash; bcrypt embeds the salt and the cost factor in the resulting hash string, so the same password hashed twice yields two different strings and no separate salt column is needed.