From f6f7e157350d34cec55ae08c60693047ccc79768 Mon Sep 17 00:00:00 2001 From: TwiN Date: Sat, 8 Jan 2022 19:41:50 -0500 Subject: [PATCH] docs(security): Add warning about using a high cost for bcrypt --- README.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/README.md b/README.md index 9262144b..e35c7c4f 100644 --- a/README.md +++ b/README.md @@ -886,6 +886,9 @@ security: password-bcrypt-base64: "JDJhJDEwJHRiMnRFakxWazZLdXBzRERQazB1TE8vckRLY05Yb1hSdnoxWU0yQ1FaYXZRSW1McmladDYu" ``` +**WARNING:** Make sure to carefully select to cost of the bcrypt hash. The higher the cost, the longer it takes to compute the hash, +and basic auth verifies the password against the hash on every request. As of 2022-01-08, I suggest a cost of 8. + #### OIDC (ALPHA) | Parameter | Description | Default | |:---------------------------------|:---------------------------------------------------------------|:--------------|
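Review bot: The suggested cost of 8 in the added WARNING is lower than the cost already used by the example hash directly above it: the `password-bcrypt-base64` value begins with `JDJhJDEwJ`, which base64-decodes to `$2a$10$`, i.e. cost 10 (also the default in `golang.org/x/crypto/bcrypt`). A reader who copies the example and then follows the advice will silently weaken the hash relative to the documented sample, so either align the two (state that the example uses cost 10 and that 8 is a lower bound for high request rates) or phrase the guidance as a trade-off rather than a single number, e.g. "the cost is a trade-off between brute-force resistance and per-request latency; measure the verification time on your hardware before lowering it below the library default of 10". Since the same paragraph notes that basic auth re-verifies on every request, it would also be worth mentioning that the cost only matters if verification is not cached, which tells the reader why the warning exists. Minor: "select to cost of the bcrypt hash" should read "select the cost of the bcrypt hash".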