Hi all, i'm studying password based user authentication systems, can you help me understand some common design flaws? THX