I'm using Laravel Passport to make a login system in my API.
But I was wondering if there is any way to make the password more secure. Is there any way to do more rounds on the password? I also read that Argon2id is more secure than bcrypt; is that correct? If it is correct, how do I use it? Here is my signup code:

    public function signup(Request $request)
    {
        $request->validate([
            'name' => 'required|string',
            'email' => 'required|string|email|unique:users',
            'password' => 'required|string|confirmed',
        ]);

        $user = new User([
            'name' => $request->name,
            'email' => $request->email,
            'password' => bcrypt($request->password), // Hash
        ]);
        $user->save();

        return response()->json([
            'message' => 'Successfully created user!',
        ], 201);
    }

From the docs:
You can specify the number of rounds for both bcrypt and argon2 hashing drivers which you can set in your config/hashing.php file
For bcrypt:

    $hashed = Hash::make('password', [
        'rounds' => 12,
    ]);

For argon2:

    $hashed = Hash::make('password', [
        'memory' => 1024,
        'time' => 2,
        'threads' => 2,
    ]);

Opinion seems to be that argon2 is more secure. I can't claim to entirely understand why, but I gather it's to do with argon2's multi-threading, which, if I understand correctly, makes it more resistant to GPU cracking than bcrypt.
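
For the "how do I use it" part of the question, here is an added example (not code from the question or the answer) showing how accounts already hashed with bcrypt can be moved to Argon2id at their next successful login. It uses PHP's native `password_*` functions, which Laravel's bcrypt and Argon2 hashing drivers wrap; the cost values, the function names `hashPassword` and `verifyAndUpgrade`, and the sample password are assumptions made for illustration, and the PHP build must include Argon2id support.

```php
<?php
declare(strict_types=1);

// Assumed cost parameters (not taken from the post); tune them on your own hardware.
const ARGON_OPTIONS = [
    'memory_cost' => 65536, // in KiB, i.e. 64 MiB per hash
    'time_cost'   => 4,     // number of passes over memory
    'threads'     => 1,
];

function hashPassword(string $plain): string
{
    if (!defined('PASSWORD_ARGON2ID')) {
        throw new RuntimeException('This PHP build has no Argon2id support');
    }
    return password_hash($plain, PASSWORD_ARGON2ID, ARGON_OPTIONS);
}

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $replacementHash]; the second element is set only
 * when the password was correct and the stored hash uses an older algorithm or
 * weaker parameters, so the caller can save the stronger hash.
 */
function verifyAndUpgrade(string $plain, string $storedHash): array
{
    if (!password_verify($plain, $storedHash)) {
        return [false, null];
    }
    $stale = password_needs_rehash($storedHash, PASSWORD_ARGON2ID, ARGON_OPTIONS);
    return [true, $stale ? hashPassword($plain) : null];
}

// Constructed sample: an account that was created while bcrypt was in use.
$legacy = password_hash('correct horse battery', PASSWORD_BCRYPT, ['cost' => 10]);

// First login after the switch: the bcrypt hash verifies and is replaced.
[$ok, $upgraded] = verifyAndUpgrade('correct horse battery', $legacy);
printf("login ok: %s, stored algorithm is now: %s\n",
    var_export($ok, true), password_get_info($upgraded)['algoName']);

// Later login: the hash is already current, so no replacement is produced.
[$ok, $again] = verifyAndUpgrade('correct horse battery', $upgraded);
printf("login ok: %s, rehash needed: %s\n",
    var_export($ok, true), var_export($again !== null, true));

// Wrong password: rejected, and no hash is ever generated from it.
[$ok, $none] = verifyAndUpgrade('wrong guess', $upgraded);
printf("login ok: %s\n", var_export($ok, true));
```

In a Laravel application the same flow is available through the `Hash` facade (`Hash::check`, `Hash::needsRehash`, `Hash::make`) once the `driver` entry in config/hashing.php is set to `argon2id`.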