Faulty password handling implementations that use outdated hashing methods like MD5 or fail to appropriately “salt” (or randomize) hashes to prevent brute force attacks are a bigger problem ...