I have this class to represent my users:
public class User
{
    public int ID { get; set; }
    public string UserName { get; set; }
    [DataType(DataType.Password
YES YES YES
While much of this is a security discussion rather than a programming one, you should only be storing a secure hash (PBKDF2, Argon, and Bcrypt are current standards) along with a unique salt used for that hash.
Storing it as you are is just asking someone to steal your database and get all your users' passwords without any more effort than reading the Password column (which they probably reused a million other places).
It's still OK to store it as string though.
The DataType.Password is just an annotation for consumers of your class to read (per https://msdn.microsoft.com/en-us/library/system.componentmodel.dataannotations.datatype(v=vs.110).aspx). It does not enhance security from a storage/database perspective.