Now with password_hash() in PHP >=5.6, do we need to also use BCRYPT to make the object/password more secured?
If yes, then could any one please describe how to store a password in registration page using password_hash() AND BCRYPT, and then how to retrieve information to login user on login page?
Sorry if anyone is offended by a beginner's limited knowledge. I am confused and didn't quite get the answer.
UPDATE:
I got the idea now, there is no need to user BCRYPT/salt/pepper with password_hash() now as PHP creates its own random salt during runtime. The easiest step is to simply hash password using password_hash($passwordVariable) and for verification simply use password_verify($passwordEntered, $hashedPassword_fromDB). Thanks everyone.
