We decided to roll out this feature in multiple phases.
The first phase is planned for 3.2 and won't introduce any breaking changes. A guide on optionally enabling Argon2 is available in the docs. Feel free to share any feedback with the author there.
In the second phase, after broader community adoption, we plan to remove bcrypt. Guidance will be provided, considering insights from early adopters. A future version will introduce this as a breaking change with clear warnings and necessary actions.
Removal of bcrypt depends on the feedback about the use of Argon2.
The second option prioritizes safety for everyone. We need people to dive into the implementation and share feedback to handle this major breaking change in the future, affecting both code and data in a widely used part like the auth system of any Meteor app.
For now, we expect developers to move there optionally, share their experiences, and provide feedback to the original author, as seen in the PR. Performance implications matter too; I'd like to see how login behaves in comparison, as it could be a good meteor/performance case to measure. That's why it's important for users to migrate when possible and help improve stability and experience, before any final call on its mandatory adoption.