timetracker
Timetracker uses md5 to store/hash passwords
https://medium.com/analytics-vidhya/password-hashing-pbkdf2-scrypt-bcrypt-and-argon2-e25aaf41598e
Timetracker should be using a cryptographically secure password hashing algorithm. Since bcrypt is built in and reasonably secure, it should be the baseline, ideally with an option to use ARGON2ID if support is available in an end user's PHP installation.
https://www.php.net/manual/en/function.password-hash.php
https://stackoverflow.com/questions/47602044/how-do-i-use-the-argon2-algorithm-with-password-hash
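A sketch of the migration the report asks for, added here as an example and not taken from Timetracker's code: verify against the old hash once at login, then re-store the password with `password_hash()`, using Argon2id when the PHP build has it and bcrypt otherwise. It assumes the legacy column holds a bare, unsalted 32-character hex MD5 digest; `preferred_algo()`, `verify_and_upgrade()` and the `$save` callback are hypothetical names.

```php
<?php
// Added example: names and the storage layout are assumptions, not Timetracker's API.

// Argon2id is only defined when PHP was built with Argon2 support; bcrypt is always there.
function preferred_algo()
{
    return defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_BCRYPT;
}

// Checks $password against $stored and, on success, calls $save with an upgraded
// hash when the stored value is legacy MD5 or uses an outdated algorithm/cost.
function verify_and_upgrade(string $password, string $stored, callable $save): bool
{
    // Assumption: legacy rows are exactly 32 hex characters (unsalted MD5).
    $isLegacy = preg_match('/\A[0-9a-f]{32}\z/i', $stored) === 1;

    if ($isLegacy) {
        // Constant-time comparison, so the legacy path leaks no timing information.
        $ok = hash_equals(strtolower($stored), md5($password));
    } else {
        $ok = password_verify($password, $stored);
    }

    if ($ok && ($isLegacy || password_needs_rehash($stored, preferred_algo()))) {
        // The plaintext is only available at login, so this is the moment to upgrade.
        // Note: bcrypt only uses the first 72 bytes of the password.
        $save(password_hash($password, preferred_algo()));
    }
    return $ok;
}

// Constructed demo data: one legacy row, upgraded in place on first successful login.
$row  = ['login' => 'demo', 'password' => md5('correct horse')];
$save = function (string $newHash) use (&$row): void {
    $row['password'] = $newHash; // a real application would UPDATE the user row here
};

var_dump(verify_and_upgrade('wrong guess', $row['password'], $save));
var_dump(verify_and_upgrade('correct horse', $row['password'], $save));

// After the successful login the row no longer holds MD5.
echo password_get_info($row['password'])['algoName'], PHP_EOL;
var_dump(verify_and_upgrade('correct horse', $row['password'], $save));
```

Accounts that never log in again keep their MD5 digest, so a rollout also needs a cutoff after which remaining legacy rows are forced through a password reset.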