Apr 22, 2020 - 07:21 AM
Indeed, only the email@example.com account does not benefit from more advanced authentication methods. It is possible to deactivate this account when it is not in use (and reactivate it from the database in the event of disaster recovery).
As a second approach, we use the BCrypt hash algorithm, which is designed not to allow online brute-force (because it is slow to calculate). Even if the firstname.lastname@example.org account remains active, as long as a strong password is applied, it will not be possible to brute-force it in a realistic time.
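
An added example, not part of the original post or the product's own code: a small audit helper that reads the cost factor out of a stored bcrypt string and estimates how long an exhaustive search of a given password policy would take. The sample hash is a constructed placeholder, and the reference rate of 1000 guesses per second at cost 10 is an assumption to be replaced with a measured figure.

```python
import re

# bcrypt modular-crypt format: $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(
    r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$"
)
SECONDS_PER_YEAR = 365 * 24 * 3600

# Constructed placeholder with the right shape; not a real digest of any password.
SAMPLE = "$2a$10$" + "A" * 22 + "B" * 31


def parse_bcrypt(stored: str) -> dict:
    """Split a stored bcrypt string into variant, cost and salt; reject anything else."""
    m = BCRYPT_RE.match(stored.strip())
    if not m:
        raise ValueError("not a bcrypt hash")
    cost = int(m.group(2))
    if not 4 <= cost <= 31:
        raise ValueError("bcrypt cost must be between 4 and 31")
    return {"variant": m.group(1), "cost": cost, "salt": m.group(3)}


def guesses_per_second(cost: int, ref_rate: float, ref_cost: int) -> float:
    """Scale a reference guess rate: bcrypt runs 2**cost key-setup rounds,
    so every +1 in cost halves the achievable rate."""
    return ref_rate * 2.0 ** (ref_cost - cost)


def years_to_exhaust(stored: str, alphabet_size: int, length: int,
                     ref_rate: float, ref_cost: int) -> float:
    """Worst-case years to try every password of this length and alphabet."""
    cost = parse_bcrypt(stored)["cost"]
    keyspace = alphabet_size ** length
    return keyspace / guesses_per_second(cost, ref_rate, ref_cost) / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Assumed reference rate: 1000 guesses/s at cost 10 (replace with a measurement).
    for label, alphabet, length in (("8 lowercase letters", 26, 8),
                                    ("14 printable ASCII", 94, 14)):
        years = years_to_exhaust(SAMPLE, alphabet, length, 1000.0, 10)
        print(f"{label}: about {years:.3g} years at cost "
              f"{parse_bcrypt(SAMPLE)['cost']}")
```

The estimate covers only exhaustive search; a password found in a dictionary or reused elsewhere falls far sooner regardless of the cost factor.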