We're using a two-step authentication on a web-app, which consist of:
1- Username/password 2- Memorable-word
The password is being hashed then stored, where the memorable-word is stored as it is, obviously, it is as important as the password, do you recommend to encrypt it then store it or leave it as it is?