I have a web application that handles employees' work sheets.
They have username/password combinations assigned to them by an admin.
The passwords are salted and hashed individually.
The problem is, they are all being assigned the same password by the admin. This is obviously a security problem.
I don't want to error with "the password you are trying to use is already in use" because...
- It reveals someone else has that password. Bad security.
- I can't easily compare passwords. I need to salt and hash them individually because of the way they are stored in the database.
Do I have any options to try and limit this behaviour?
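
An added illustration of the second point in the list above (not code from the original post): with a per-user salt, identical passwords produce different stored values, so checking for a duplicate means re-hashing the candidate once per user. The PBKDF2 parameters, record layout and sample users are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive the stored value from a password and that user's own salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def create_record(password: str) -> dict:
    """What an 'assign password' action would store for one user."""
    salt = os.urandom(16)  # fresh random salt per user
    return {"salt": salt, "hash": hash_password(password, salt)}


def users_sharing(candidate: str, db: dict) -> list:
    """Return the users whose stored hash matches `candidate`.

    No single lookup works: the candidate must be re-hashed once per user
    with that user's salt, so the cost is one full KDF run per row.
    """
    matches = []
    for name, rec in db.items():
        derived = hash_password(candidate, rec["salt"])
        if hmac.compare_digest(derived, rec["hash"]):  # constant-time compare
            matches.append(name)
    return sorted(matches)


def build_sample_db() -> dict:
    # Constructed sample data: the admin gives three users the same password.
    db = {name: create_record("Welcome123") for name in ("alice", "bob", "carol")}
    db["dave"] = create_record("a-different-one")
    return db


if __name__ == "__main__":
    db = build_sample_db()
    for name, rec in db.items():
        print(name, rec["hash"].hex()[:16])  # stored values differ per user
    print(users_sharing("Welcome123", db))
```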