Reverie World Studios Forums - View Single Post - Message for Dev. Team
#7
02-03-2014, 06:08 PM
Frostshoxx
Junior Member
Join Date: Jan 2014
Posts: 2

As a web/software developer, I would recommend making the migration from clear-text passwords to hashed passwords + salt one of the top priorities as well.

We had one of our legacy projects that stored passwords in clear text. Although it is convenient for the client to obtain the password for their day-to-day operation (on behalf of their clients), it makes the system a risky target for bad guys trying to find information.

We basically did the following steps for the conversion on the database side (not literally, but this is the overview).
1. Write a shared helper method that creates a salt and hashed password.
2. Write a shared helper method that creates a hashed password based on a given salt.
3. Create two columns on the login table: Hashed Password and Salt.
4. Create a script that goes through each entry on the login table and then converts clear text to hashed with a new random salt.
5. Initially update the login validation to use both clear text/password until the conversion is done.
6. Remove the clear text and the login add/edit/delete methods that use clear text altogether.

To work with less data entry is probably better.

Last edited by Frostshoxx : 02-03-2014 at 06:15 PM.
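Added example, not part of Frostshoxx's post and not Reverie World Studios code: the six steps above sketched in Python against an in-memory SQLite table. The table and column names (`login`, `password`, `salt`, `pw_hash`), the function names, the sample accounts and the choice of PBKDF2-HMAC-SHA256 as the salted hash are all assumptions made for the illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def hash_with_salt(password, salt):            # step 2: hash for a given salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def new_salt_and_hash(password):               # step 1: fresh random salt + hash
    salt = os.urandom(16)
    return salt, hash_with_salt(password, salt)

def store_hash(db, row_id, password):
    salt, digest = new_salt_and_hash(password)
    db.execute("UPDATE login SET salt=?, pw_hash=? WHERE id=?", (salt, digest, row_id))

def add_columns(db):                           # step 3: the two new columns
    db.execute("ALTER TABLE login ADD COLUMN salt BLOB")
    db.execute("ALTER TABLE login ADD COLUMN pw_hash BLOB")

def migrate(db):                               # step 4: batch conversion script
    rows = db.execute("SELECT id, password FROM login "
                      "WHERE pw_hash IS NULL AND password IS NOT NULL").fetchall()
    for row_id, clear in rows:
        store_hash(db, row_id, clear)
    db.commit()
    return len(rows)

def check_login(db, user, password):           # step 5: accept both formats
    row = db.execute("SELECT id, password, salt, pw_hash FROM login "
                     "WHERE username=?", (user,)).fetchone()
    if row is None:
        return False
    row_id, clear, salt, digest = row
    if digest is not None:                     # already converted: hash only
        return hmac.compare_digest(digest, hash_with_salt(password, salt))
    if clear is None or not hmac.compare_digest(clear.encode(), password.encode()):
        return False
    store_hash(db, row_id, password)           # legacy row: convert at login
    db.commit()
    return True

def remove_cleartext(db):                      # step 6: wipe converted clear text
    db.execute("UPDATE login SET password=NULL WHERE pw_hash IS NOT NULL")
    db.commit()
    return db.execute("SELECT COUNT(*) FROM login WHERE password IS NOT NULL").fetchone()[0]

def build_demo_db():                           # constructed sample accounts
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE login (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT)")
    db.executemany("INSERT INTO login (username, password) VALUES (?, ?)",
                   [("alice", "correct horse"), ("bob", "hunter2")])
    add_columns(db)
    return db
```

Once `remove_cleartext` returns 0, the `password` column and the legacy branch in `check_login` can be deleted, which is the end state of step 6.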