Some Good News From PHP

Here’s some encouraging news on the security front. As regular readers know, I’ve written several times about how to safely hash passwords and complained about sites that don’t do it correctly. Now PHP 5.5 has a function that does the right thing automatically. Just make the call

$hash = password_hash($password, PASSWORD_DEFAULT);

and you get back a string containing a bcrypt hash of the password together with the randomly generated salt and the cost that were used, so the salt never has to be stored or handled separately. PASSWORD_DEFAULT means bcrypt in PHP 5.5, but it is defined to track whatever PHP considers the strongest available algorithm and may change in a later release, which is why the manual recommends storing the result in a column of 255 characters rather than bcrypt's current 60. The algorithm can be pinned with PASSWORD_BCRYPT, and the amount of work required to hash the password can be raised through the cost option. The matching check is password_verify(), which reads the algorithm, cost and salt back out of the stored string; one caveat worth knowing is that bcrypt only looks at the first 72 bytes of the password.
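Here is the whole round trip, registration and login, as an added example rather than code from the original post. The cost of 12, the two function names and the inline sample password are my own choices, not anything PHP prescribes.

```php
<?php
// Added example (not from the original post) of PHP 5.5's password_* API.
// The cost of 12 and the function names below are assumptions for the demo.

// Registration: hash with bcrypt at an explicit cost. The returned string
// carries the algorithm, cost and salt, so store it as-is in a VARCHAR(255)
// column; PASSWORD_DEFAULT may stop meaning bcrypt in a future PHP release.
function create_hash($password)
{
    return password_hash($password, PASSWORD_DEFAULT, array('cost' => 12));
}

// Login: never compare hash strings yourself. password_verify() parses the
// stored hash, re-derives it from the supplied password and compares the
// result without leaking timing. If the stored hash was made with an older
// algorithm or a lower cost, rehash now, while the cleartext is in hand,
// and hand the new hash back to the caller so it can be written to the database.
function check_login($password, $stored_hash, &$new_hash = null)
{
    if (!password_verify($password, $stored_hash)) {
        return false;
    }
    if (password_needs_rehash($stored_hash, PASSWORD_DEFAULT, array('cost' => 12))) {
        $new_hash = password_hash($password, PASSWORD_DEFAULT, array('cost' => 12));
    }
    return true;
}

// Demonstration with a constructed password (not real credentials).
$hash = create_hash('correct horse battery staple');
var_dump(password_get_info($hash));                     // algoName "bcrypt", cost 12
var_dump(check_login('correct horse battery staple', $hash, $new)); // bool(true)
var_dump(check_login('wrong password', $hash, $new));               // bool(false)

// A hash made at a lower cost is flagged for an upgrade on the next login.
$old = password_hash('correct horse battery staple', PASSWORD_BCRYPT, array('cost' => 10));
check_login('correct horse battery staple', $old, $upgraded);
var_dump($upgraded !== null);                            // bool(true)
```

The rehash step is the part most hand-rolled schemes forget: raising the cost in the code does nothing for hashes already in the database until each user logs in and the stored value is replaced.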

PHP programmers no longer have an excuse for not doing the right thing. No special knowledge or crypto expertise is needed. Simply use the provided API and get safe password storage. Let’s hope a facility such as this comes to other programming environments.
