|Thank for the article
I read the article but I still don't get from security point of view why a hash and salt should be created and saved beside password
It seems in this way we can ask user to enter any letter of interest as article specifies
From security point of view it seems useless
I mean an attacker just attempts to send username and password just like the original user who has forgotten his/her password
Can you please explain that for me?