How does Nodecraft store user passwords?
When creating a Nodecraft account, Nodecraft uses a slow hashing function known as bcrypt to store user passwords. To simplify, because bcrypt is a “one-way” hash, nobody (including Nodecraft) can "decrypt" it to figure out the underlying password. Instead, every time you log in, we run your password through this hashing function to see if the same plaintext turns into the same hash. If it does, we allow you to log in.
You can also use a service such as Discord or Twitch to register/login to Nodecraft.com, which will negate the need to create a Nodecraft.com password entirely, and eliminate the need for us a store a password for your account at all. These services will manage your authentication to our website.
Nodecraft also supports two factor authentication and we encourage all users to enable this where possible.