Just wanted to know if anyone here has designed a commercial real life database which (part of it) is to do with storing usernames and password and other personal information.
Do you keep all the data in the same table? i.e.
UserID(P.K) username, password, email, firstname, lastname, city, etc... in just one table or do you separate the details into more tables, such as
table 1 will hold UserID, username and password only and the rest of the personal details in another table with a reference to the first table.
My question is not only for design issue, but also taking into account any security issues for one design or the other.