Verifying user passwords takes a significant amount of time because we use bcrypt

[jbuck]

Verifying user passwords and storing them in a secure fashion is important, which is why we use bcrypt. But because we use bcrypt, verifying passwords is really slow when you start to do more than 5 req/s with our current 2 dyno setup.

[jbuck]

Options:

• Throw more dynos at the problem
• Change bcrypt work parameters
• Use a faster bcrypt module (native lib with js bindings?)
• Use a different algorithm that's still secure
• Push bcrypt hashing somewhere else
  • On the client itself?
  • Onto a different service?
• Talk to FxA people, copy whatever they did

@ashleygwilliams @cadecairos @simonwex @thisandagain anything else you can think of?