# Hard Coded Credentials Analyzer PRO
| Category | Severity | Time To Fix |
| --- | --- | --- |
| 🛡️ Security | Minor | 5 minutes |

This analyzer scans your application code to detect hard coded credentials.

Hard coding credentials in source code is considered bad practice for the following reasons:
- It allows all project developers to view the password.
- If the account protected by the password is compromised, you would be forced to choose between security and availability.
- Once the code is in production, the password cannot be changed without patching the software.
# How To Fix
Remove all references to hard coded credentials and store them either in the database or in your `.env` file, which can be referenced by a config file.
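
The fix described above, as an added example that is not the analyzer's own code: the config is built from the environment and fails closed when a secret is missing. It assumes a PHP application whose `.env` values are loaded into the process environment; the function names and the `DB_*` variable names are hypothetical.

```php
<?php
declare(strict_types=1);

// Before (the pattern the analyzer flags): the secret lives in source control.
// $db = ['username' => 'app', 'password' => 'S3cr3t!'];   // constructed value

/**
 * Read a required secret from the environment and fail closed if it is absent.
 * requiredEnv() and the DB_* names below are illustrative assumptions.
 */
function requiredEnv(string $name, array $env): string
{
    $value = $env[$name] ?? '';
    if (!is_string($value) || trim($value) === '') {
        // Name the missing key only; never echo a secret's value.
        throw new RuntimeException("Missing required environment variable: {$name}");
    }
    return $value;
}

/** Build the database config from the environment instead of literals. */
function databaseConfig(array $env): array
{
    return [
        'host'     => $env['DB_HOST'] ?? '127.0.0.1',
        'username' => requiredEnv('DB_USERNAME', $env),
        'password' => requiredEnv('DB_PASSWORD', $env),
    ];
}

// In the application this would be called as databaseConfig(getenv()).
// Constructed sample environment so the script runs offline:
$sample = ['DB_HOST' => 'db.internal', 'DB_USERNAME' => 'app', 'DB_PASSWORD' => 'from-dotenv'];
$config = databaseConfig($sample);
echo 'password loaded: ', ($config['password'] !== '' ? 'yes' : 'no'), PHP_EOL;

try {
    databaseConfig(['DB_USERNAME' => 'app']);   // DB_PASSWORD not set
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

With this layout, rotating the password means changing the value in `.env` (kept out of version control) rather than patching the code.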