Inconsistent recommendations around verification tokens

The docs for password reset recommend that [password reset tokens](https://thecopenhagenbook.com/password-reset#password-reset-links)  be hashed with SHA-256 before being stored.

However, the docs for email verification have no mention about hashing [email verification tokens](https://thecopenhagenbook.com/email-verification#email-verification-links) or [email verification codes](https://thecopenhagenbook.com/email-verification#email-verification-codes).

Could you please clarify whether email verification tokens/codes should also be hashed before being stored

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Inconsistent recommendations around verification tokens #40

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Inconsistent recommendations around verification tokens #40

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions