User blog comment:Rappy 4187/Technical Update: March 8, 2017/@comment-11733175-20170308232857

As bcrypt is a one-way algorithm, as I would hope the current hashing method is, how will users be migrated to the new method? I've seen strategies such as swapping them when a user logs in, but I tend to be on Fandom so often that it always remembers and seemingly refreshes my session so I only need to log in when I've logged out for one reason or another.

Are there any plans on what performance analytics will be added to insights? ParserSpeed was useful to a point, but it's lack of features made it cumbersome and tricky to use unless you resorted to rather extreme circumstances - I once called a Lua module 4000 times to test performance improvements in string concatenation compared to using a table join on a high use module. Afaik, there's no way to do similar tests now it's been removed.

Edit: It's worth pointing out that while Helios might be considered secure, pretty much anyone using a bot sends their password over simple HTTP because that's all the API supports. Storing the password more securely is good and provides protection if the database is compromised for any reason. Not using HTTPS to log in allows for man-in-the-middle attacks which can simply steal your unencrypted, plain text password and all the hashing in the world won't save you.