Have you considered the OWASP recommendations for password storage?

[ptaoussanis]

Moving a question from @ieugen below:

---

A different question (maybe another issue?).
Have you considered the OWASP recommendations for password storage?
Would it make sense to have an opinionated module that users can use and get Tempel with pre-configured options following OWASP recommendations ?

I know some people who do compliance find these certifications / recommendations very important.
I know they change over time so adding the year in the name would make it easy to check and switch: :owasp-2024-xxx .

https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#maximum-password-lengths

[ptaoussanis]

Tempel can already meet the linked OWASP recommendations, would just need to document how users can do that.

If there's interest, I'm happy to add this to the next wiki docs update 👍