Sure, it's not hard to use bcrypt for passwords. It's also not hard to make your login forms use https, or to do weekly backups, or to use source control, or to keep Wordpress up to date. Yet many many websites/apps/companies do not get these right.
The barrier is not difficulty. The barriers are lack of time to spend on infrastructure/security improvements, lack of motivation, and distraction due to new feature requests.
Of course forgoing these things will bite you in the end, but this is the internet age; people don't tend to plan that far in advance.
The barrier is not difficulty. The barriers are lack of time to spend on infrastructure/security improvements, lack of motivation, and distraction due to new feature requests.
Of course forgoing these things will bite you in the end, but this is the internet age; people don't tend to plan that far in advance.