Why should you never store passwords in plain text? How do you secure them properly?

Question

Accepted Answer

Storing passwords in plain text is a serious security flaw. If the database is compromised, all passwords are exposed. Since users often reuse the same passwords, this can compromise their accounts on other services.

To secure passwords, we use hashing. A hashing algorithm transforms the password into a fixed-length string that cannot be reversed. Even with the hash, you cannot recover the original password.

However, a simple hash is not enough. Attackers use rainbow tables, precomputed lists of hashes for common passwords. To counter this, we add a salt, a random value unique to each user. The salt is concatenated with the password before hashing, making precomputed tables useless.

The recommended algorithms today are bcrypt, scrypt, and Argon2. These algorithms are deliberately slow and resource-intensive, making brute force attacks impractical. Bcrypt is the most widespread and automatically handles salt management.

Here are the best practices. First, use bcrypt with a cost, or work factor, of at least 10. Second, never implement your own hashing algorithm. Third, generate a unique salt per user. Fourth, periodically increase the cost as hardware becomes more powerful.

During login, we hash the submitted password with the same salt and compare the hashes, never the plain text passwords.