You might be on place re: data leakage and This could be an important thought for anyone rolling their own authentication/authorization scheme. +one for mentioning OWASP. Armed with personnel passwords, hackers can masquerade as authorized end users and waltz correct previous stability controls. Hackers can get account qualifications by way http://pigpgs.com
