Implemented Bcrypt to Hash Stored Passwords
I made a large improvement to the way we hash our user passwords.
When a log in is processed the username and password are submitted and the password is hashed.
password turns into something like 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 and is actually stored in the database this way.
It is then possible to use brute force to gain access to a site.
This method is commonly used in WordPress, Modules for Drupal, and Typo3.
Here is a great Info graphic on password security.