PR 1201 changes the hashing algorithm for passwords from SCrypt to BCrypt in a backward-compatible manner. Old (SCrypt-type) passwords can still be used. New passwords will be hashed with BCrypt.
Password hashing algorithm changes
Mainly this article:
But for me, it boils down to ease of use and here I find BCrypt easier. There is only one parameter and it can be configured in application.conf.
Anyway, someday we should add two-factor authentication. I don’t find using only passwords very secure. Also, we could add the support for different password hashing algorithms which could then be configured.
Hmm, now there is also Argon2:
I’m not sure I fully understand, but as you prefer.