# PW101

Passwords, secrets and keys should not be hardcoded into Python files.

Python can easily be disassembled in memory and strings can be loaded.

## Example

```python
password = "SUPER_SECRET"
```

```python
secret = "my super secret key"
```

## Fix

Use a salted or one-way hash for storing passwords and compare against the hash.