I would argue that any data that, in the event the backend (database) is compromised, would leak critical authentication data should be salted & hashed prior to storage. There would have to be a strong business case for storing them in plain text.
I would argue that any data that, in the event the backend (database) is compromised, would leak critical authentication data should be salted & hashed prior to storage. There would have to be a strong business case for storing them in plain text.