@orangy for example - if I look at ktor, the password security is left up to the user. 9 times out of 10 a beginner would not even know what to do there. Compare it to https://github.com/rails/rails/blob/master/activemodel/lib/active_model/secure_password.rb . bcrypt by default. A closer example is Spring - http://docs.spring.io/spring-security/site/docs/current/apidocs/org/springframework/security/crypto/bcrypt/BCrypt.html