Mid ASP.NET Core

Securing password storage?

ASP.NET Core Identity uses PBKDF2 hashing by default.

Best practices:

  • Never store plaintext passwords
  • Use salted + hashed storage
  • Use PasswordHasher<T> or Identity defaults

Use:

PasswordHasher<T>.HashPassword(user, password)

Can switch to Argon2, Bcrypt via custom password hasher.

More from ASP.NET Core Tutorial

All questions for this course