Address some suggestions

Author: phansys

best_practices/security.rst

@@ -32,8 +32,7 @@ site (or maybe nearly *all* sections), use the ``access_control`` area.
     Use the ``auto`` encoder for hashing your users' passwords.
 
 If your users have a password, then we recommend hashing it using the ``auto``
-encoder, instead of the traditional SHA-512 or BCrypt hashing encoders. This configuration
-will ensure you use the best encoder available in your system.
+encoder.
 
 .. note::
 

reference/configuration/security.rst

@@ -278,7 +278,7 @@ sure to allocate enough space for them to be persisted. Also, passwords include
 the `cryptographic salt`_ inside them (it's generated automatically for each new
 password) so you don't have to deal with it.
 
-.. _reference-security-bcrypt:
+.. _reference-security-encoder-auto:
 
 Using the "auto" Password Encoder
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

security.rst

@@ -124,8 +124,9 @@ command will pre-configure this for you:
             encoders:
                 # use your user class name here
                 App\Entity\User:
-                    # auto is recommended because it will try to use sodium, which
-                    # is more secure but requires PHP 7.2 or the Sodium extension
+                    # Use native password encoder
+                    # This value auto-selects the best possible hashing algorithm
+                    # (i.e. Sodium when available).
                     algorithm: auto
 
     .. code-block:: xml