We’re committed to your security — and today, we’re proud to announce a major improvement to the way MYETV handles password protection.
🔐 We’ve officially transitioned from using bcrypt
to Argon2id
for hashing passwords.
Please note: All logged users have been disconnected automatically; at the time of username and password insertion the procedure will automatically convert the passwrod to the new Argon2ID algorithm without the user having to do anything. Welcome to the modern encryption- [Encryption: to change electronic information or signals into a secret code (= system of letters, numbers, or symbols) that people cannot understand or use on normal equipment] - .
🔍 What is Argon2id?
Argon2id is a modern password hashing algorithm, officially recognized as the winner of the Password Hashing Competition (PHC). It’s designed to be resistant to both GPU cracking attacks and side-channel attacks, offering configurable memory usage, time cost, and parallelism.
Among its variants (Argon2d, Argon2i, and Argon2id), we chose Argon2id because it balances resistance to both side-channel attacks and brute-force cracking, making it ideal for web applications like MYETV.
🛡️ Why We Switched from bcrypt to Argon2id
While bcrypt
has been a trusted standard for many years, it was developed in 1999 — long before the rise of modern attack techniques using multi-core processors and GPUs. As threats evolve, so must our security practices.
Comparison: bcrypt vs Argon2id
Feature | bcrypt | Argon2id |
---|---|---|
Year Introduced | 1999 | 2015 |
Memory Hardness | ❌ No | ✅ Yes |
GPU Resistance | ⚠️ Limited | ✅ Excellent |
Parallel Processing | ❌ No | ✅ Yes |
PHC Winner | ❌ No | ✅ Yes (Argon2) |
Security Level | 🔒 Good (legacy) | 🛡️ Excellent (modern) |
📈 How They Work: Visual Overview
bcrypt:
A CPU-bound algorithm that uses repeated rounds of encryption. While secure, it’s less effective against modern hardware-based attacks.
Input Password → Salt → bcrypt rounds (e.g. 12) → Hash
Argon2id:
A memory- and CPU-hard algorithm designed to make large-scale cracking prohibitively expensive, especially on GPUs.
Input Password → Salt → Memory Blocks + Iterations + Parallelism → Argon2id Hash
Illustrative chart: Argon2id requires more memory but offers stronger protection
🧠 What Does This Mean for You?
- Stronger password protection by default
- No action required for existing users — passwords remain secure and will be automatically upgraded when you log in (all logged sessions will be automatically disconnected)
- Peace of mind knowing we’re using industry-leading standards
Improved login- [Login: an act of logging in to a computer, database, website or system] - security
With this very useful update we have also greatly improved the security of the login; in all we have improved the anti-sealing functions of the authentication cookies, now the hash is not predictive, the device verification cookie is now encryptionally secure, also now the moderators can immediately disconnect all users from the platform- [Platform: the set of the main domain and all the subdomain of a particular website; also the computer architecture and equipment using a particular operating system] - simply by creating a new device verification cookie (no personal data is processed in this process) if there is any emergency in progress. Note: when argon2id is not available (for example in subdomains with cms) bcrypt will be used which remains always safe.
We take security seriously at MYETV, and this upgrade is one more step toward a safer platform for all our users.
Stay secure,
The MYETV Team
