You ought to ofc 'salt' customers passwords just before hashing them to prevent being able to Get better the original password from the hash. $endgroup$Henrik supports the communityHenrik supports the community 10355 bronze badges $endgroup$ three $begingroup$ This isn't in any way a good rationale for anyone to Restrict the duration of passwords.H