We SHA256 the passwords on the client side at Userify (SSH key management for EC2) as well (bcrypt is too slow in mobile browsers), and then bcrypt on the server side the resultant hash. (We don't cache it, though.)
Even in the event of a TLS leakage, we still never see your original password, and the server doesn't end up doing any more work. It's not perfect, but I definitely agree it's a great step forward.
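The two-stage scheme described above, as an added example that is not Userify's code: the client sends a SHA-256 hex digest, and the server salts and slow-hashes that digest. `hashlib.scrypt` is an assumed stand-in for bcrypt so the example needs only the standard library; the encoding check is the one detail that matters when bcrypt is the second stage, since bcrypt ignores input past 72 bytes and most implementations stop at the first NUL byte.

```python
import hashlib
import hmac
import os

# Client side (runs in the browser): one SHA-256 over the password, sent as
# a hex string. The server only ever sees this digest, never the cleartext.
def client_prehash(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Encoding check for the bcrypt stage: bcrypt ignores input past 72 bytes and
# most implementations stop at the first NUL byte. A hex digest (64 ASCII
# chars) passes; a raw 32-byte digest could contain 0x00 and would not.
def prehash_is_bcrypt_safe(prehash: str) -> bool:
    raw = prehash.encode("utf-8")
    return raw.isascii() and len(raw) <= 72 and b"\x00" not in raw

# Server side: per-user random salt plus a slow hash over the pre-hash.
# hashlib.scrypt is an assumed stand-in for bcrypt so the example needs no
# third-party package; bcrypt.hashpw/checkpw would take the same input.
SCRYPT_PARAMS = {"n": 2 ** 14, "r": 8, "p": 1, "dklen": 32}

def server_register(prehash: str) -> dict:
    if not prehash_is_bcrypt_safe(prehash):
        raise ValueError("pre-hash must be a short ASCII string without NUL")
    salt = os.urandom(16)
    digest = hashlib.scrypt(prehash.encode("ascii"), salt=salt, **SCRYPT_PARAMS)
    # Only salt and digest are stored; the pre-hash itself is discarded,
    # because it is password-equivalent for this service.
    return {"salt": salt, "digest": digest}

def server_verify(record: dict, prehash: str) -> bool:
    if not prehash_is_bcrypt_safe(prehash):
        return False
    candidate = hashlib.scrypt(prehash.encode("ascii"), salt=record["salt"],
                               **SCRYPT_PARAMS)
    return hmac.compare_digest(candidate, record["digest"])

if __name__ == "__main__":
    record = server_register(client_prehash("correct horse battery staple"))
    print("right password:", server_verify(record, client_prehash("correct horse battery staple")))
    print("wrong password:", server_verify(record, client_prehash("Tr0ub4dor&3")))
```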