As high-profile security breaches and hacks continue to occur, even to the unlikeliest of targets, it is always worth the investment to ensure adequate security on any website collecting personal information. Personal contact information, payment information, logins, and passwords are all sensitive targets that are desired by potential hackers.
If a company suffers an attack or data leak, their brand may never recover. Depending on the scale of the company and what is being leaked, such as the case with Sony, the financial implications could become huge. Once a company is associated with a hack, regaining public trust is difficult if not impossible.
Best practices in security dictate that a website should never store raw passwords and usernames in databases and use a hash to encrypt login information. Furthermore, in order to protect against brute-force attacks, encryption algorithms should not scale with Moore’s law. Most any determined hackers can afford to throw more computational power at a potential hack.