Use javascript front-end that converts password to hash on client before sending across web
To mitigate the risk of sending passwords as straight text over the web to your site, could you not have client-side javascript that converts the password to the SHA1 hash and send the hash to be checked?
3
votes
Andrew Macaulay
shared this idea
The pwned passwords page already does this.