I am developing a system which requires three pieces of data for creation of an account; a username; an email address; and a password.
bcrypt, I am planning to use
Argon2 for hashing both user passwords and email addresses. This poses a problem, because – if I am thinking correctly – integrating
Argon2 hashing and verification would potentially require me to make two queries instead of one; the first one to fetch the hashed email address or password; and the second one to update the document with the updated piece of data.
Furthermore, a credentials document does not allow me to store data other than metadata and a password, which is not ideal for my use case. I am aware that I could solve this by creating two credentials documents and saving references to them in the user document, but this would force me to use
bcrypt as well as prevent me from using the built-in
Login() function for verifying hashes.