DP_PN Wrote: What's the point of having the password? Isn't it to authenticate? You can bypass the hassle of having to bruteforce millions of combinations by simply using the loginkey. Of course if someone finds out there was a breach, the logout can be forced. It's the same breach people would use to get the password hashes so it would still be possible to alert everyone to change password before you could even use it. A lot of people use the same password for different sites, that's right - and that's the only advantage of getting the password rather than the loginkey.
Forcing everyone to log out renders the loginkeys useless in the event of a breach, as they would have to log in and generate a new loginkey.
18-09-2015, 06:43 PM
Joseahfer Wrote: I have seen similar tutorials on this. And in all of them, you had to edit the password of the current members, which is a very big task. Is it the same with this tutorial?
No, this tutorial automatically converts your passwords from md5 to bcrypt over time as people log in.
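
The convert-on-login approach described in the reply above, as an added sketch that is not part of the thread and not the tutorial's own code. It assumes the legacy records are plain md5 hex digests and that a new loginkey is issued on each successful login; the user store, field names and function names are hypothetical.

```php
<?php
// Constructed sample user store: one legacy record holding an md5 hex digest.
$users = [
    'alice' => ['hash' => md5('correct horse'), 'loginkey' => 'old-key'],
];

// A 32-character lowercase hex string is treated as a legacy md5 digest.
// bcrypt hashes start with "$2y$" and are 60 characters, so they never match.
function is_legacy_md5(string $hash): bool
{
    return preg_match('/^[a-f0-9]{32}$/', $hash) === 1;
}

function login(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        return false;
    }
    $stored = $users[$name]['hash'];

    if (is_legacy_md5($stored)) {
        // Legacy path: constant-time comparison against the old digest.
        if (!hash_equals($stored, md5($password))) {
            return false;
        }
        // The plaintext is only available at this moment, so the record
        // is converted to bcrypt here and the md5 digest is overwritten.
        $users[$name]['hash'] = password_hash($password, PASSWORD_BCRYPT);
    } elseif (!password_verify($password, $stored)) {
        return false;
    } elseif (password_needs_rehash($stored, PASSWORD_BCRYPT)) {
        // Already bcrypt, but hashed with an older cost setting.
        $users[$name]['hash'] = password_hash($password, PASSWORD_BCRYPT);
    }

    // Fresh loginkey per login, so a forced logout invalidates old keys.
    $users[$name]['loginkey'] = bin2hex(random_bytes(16));
    return true;
}

// A failed attempt leaves the legacy record untouched; the first
// successful login converts it; later logins take the bcrypt path.
var_dump(login($users, 'alice', 'wrong guess'));
var_dump(login($users, 'alice', 'correct horse'));
var_dump(is_legacy_md5($users['alice']['hash']));
var_dump(login($users, 'alice', 'correct horse'));
```

Accounts that never log in again keep their md5 digest under this scheme, so a site using it still has to decide what to do with dormant records.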