Merge pull request #4 from arkadiyt/bcrypt-fix

Fix bcrypt checklist item

Author: abhishek-anand

security-checklist.md

@@ -5,7 +5,7 @@
 
 ##### AUTHENTICATION SYSTEMS (Signup/Signin/2 Factor/Password reset) 
 - [ ] Use HTTPS everywhere.
-- [ ] Store password hashes using `Bcrypt` with a random `salt`.
+- [ ] Store password hashes using `Bcrypt` (no salt necessary - `Bcrypt` does it for you).
 - [ ] Destroy the session identifier after `logout`.  
 - [ ] Destroy all active sessions on reset password (or offer to).  
 - [ ] Must have the `state` parameter in OAuth2