Rodauth ships in a maximum security by default configuration. The default and recommended way to use Rodauth is with multiple database accounts and using database functions for authentication, in order to protect access to password hashes from attackers. Even if you are storing nothing else important in your application, if you are storing password hashes, it is critical that you protect access to them as much as possible, so that an attacker will not be able to use the password hashes stored in your database to attack other sites.Additionally, Rodauth ships with support for 2 factor authentication via TOTP, protecting your site from password hash attacks on other sites.
