how are password stored in database by developers

How Are Passwords Stored? (5 Methods Used by Developers)

On each website where you enter your password, the website owner has to keep it in a way or another so that it can check your identity the next time you log in. Do you wonder how they memorize your password? Is it safe? I’ll answer your questions in this article.

Developers have several methods they can use to store the password associated with an account. In most cases, they used a hashing algorithm to protect it, but other options are still used like plain text, encryption and other variants.

Keep reading if you want to learn more on this topic, we’ll see the 5 most popular ways to store passwords used by web developers currently.

Master Linux Commands
Your essential Linux handbook
Want to level up your Linux skills? Here is the perfect solution to become efficient on Linux. 20% off today!

Download now

Plain Text

The simplest way a site stores users’ passwords on their server is in plain text. This means that on their server, there is a database with your password and username contained in it, in an easily human-readable format.

Hide your IP address and location with a free VPN:
Try it for free now, with advanced security features.
2900+ servers in 65 countries. It's free. Forever.

With plain text storage, your password and username appear exactly the way you entered them into your account. When you enter your credentials, it checks the database to see if they match.

For example, if your password is Anderson1990#, it is stored exactly this way in the server of a website that you have account which uses plain text storage.

Plain text storage offers the least level of security for  your password. If the database is hacked, all users’ passwords stored there is compromised, as the hacker will have complete access to them.

Your Go-To Linux Command Reference!
Download your exclusive free PDF containing the most useful Linux commands to elevate your skills!

Hopefully, this is no longer the most popular methods to store passwords, I will now give you other examples.

Basic Encryption

To secure your password in a better way than plain text, most websites and database systems encrypts your password before storing it in their servers. Encryption involves using a special key to convert your password into a unique, random string of text.

If a hacker compromised the server and got hold of your encrypted password, he or she would not be able to log into your account unless the person also has the key to decrypt it.

The challenge with basic encryption is that the key, in most cases, is also stored in the same server that the passwords are. This means that if the server is hacked, the hacker won’t have much difficulty decrypting the encrypted passwords.

So, that’s still not the best way, and also not the most popular currently, let’s see the next one.

Hashed Password

Hashed password storage method is similar to encryption because it converts your passwords to a long string of numbers and letters to keep them hidden. However, unlike encryption, it is one-way traffic.

If a hacker or someone else gets the hash, the person cannot reverse the algorithm backwards to get the original password. This requires that a hacker get the hashes and then try a number of password combinations to see which one works (that’s what I explain here: the brute-force method).

The problem with this method is that, though a hacker can’t decode a password from the hash, the hacker can try many different passwords until a match is found. With a computer and program such as Rainbow Tables, a hacker can do this very fast. A Rainbow Table is a list of trillions of varying hashes and their passwords. In this instance, using a long password could make it difficult for hackers to crack the hash.

Some algorithms are better than other, but as a whole, there is not a 100% safe way to use this method to store passwords.

Hashed Password with a Dash Of Salt

Hashed password with a dash of salt is a method that adds a random string of characters called “salt” to the beginning or the end of your password before hashing it. This method uses a different salt for each password.

Your Go-To Linux Command Reference!
Download your exclusive free PDF containing the most useful Linux commands to elevate your skills!

Even if the salts are stored in the same server, it is difficult for hackers or someone else to find the salted hashes in the Rainbow Table. This is due to the fact that each salted hash is unique, complex and long.

However, this method offers far more security than the previous ones and is more difficult to crack. Hackers could use brute force to try to compromise this method, and it is not impossible. Though far more time-consuming and difficult.

A brute force attack is an attack in which cybercriminals meticulously try to log into an account using every imaginable combination of characters until they get the correct password. A longer, more complex password makes brute force attacks more difficult.

Master your cyber security skills:
Secure your spot in the Accelerator Program, with early access to exclusive resources.
Get 1000+ classes, unlimited mentorship, and more.

Slow Hashes

For hashes to be secure and robust, it needs to be slow. A slow hash password storage method makes the calculation of the hash slow to compute by using many internal iterations. The goal of the slow hash method is to make the trouble or difficulty of breaking the hash exceed the benefit that hackers would gain even if the hack were successful.

To hack a slow-hashed password database using brute force attack, time is of the essence and great importance. Slow hashes make it extremely difficult to carry out.

Hashing refers to splitting or chopping something into small pieces to appear as a sort of confusing mess. In computing, the hash function is a mathematical algorithm that maps data or information of varying sizes to a fixed size string.

The function input is referred to as “message” or just input. While the output of the fixed string is referred to as the hash or message digest. Some generally used hash algorithms include Message Digest (MDx) algorithm, MD5 and Secure Hash Algorithm (SHA), SHA-1, SHA-2 and SHA-256.

To keep your password safely, passwords managers are also using other strategies, like :

  • Cloud-based password managers
  • Cloud-based with two-factor authentication.
  • Computer-based
  • USB based.

Whenever you’re ready for more security, here are things you should think about:

- Break free from Gmail: You should be able to choose what happens to your data. With Proton, only you can read your emails. Get private email.

- Protect yourself online: Use a high-speed Swiss VPN that safeguards your privacy. Open-source, no activity logs. Get Proton VPN risk-free.

- Master Linux commands: A sure method to learn (and remember) Linux commands. Useful ones only, one at a time, with clear explanations. Download the e-book.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *