https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e
Timetracker should be using a cryptographically secure password hashing algorithim. And since bcrypt is built in, and reasonably secure it should be the baseline. Ideally with an option to use ARGON2ID if support is available in an end users php installation.
https://www.php.net/manual/en/function.password-hash.php
https://stackoverflow.com/questions/47602044/how-do-i-use-the-argon2-algorithm-with-password-hash
https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e
Timetracker should be using a cryptographically secure password hashing algorithim. And since bcrypt is built in, and reasonably secure it should be the baseline. Ideally with an option to use ARGON2ID if support is available in an end users php installation.
https://www.php.net/manual/en/function.password-hash.php
https://stackoverflow.com/questions/47602044/how-do-i-use-the-argon2-algorithm-with-password-hash