Password Hashing Explained

James Curtis
3 min read · Jul 21, 2023

What is Password Hashing?

Password hashing is a method used to securely store passwords in a database. Instead of storing the actual password, a hash of the password — a fixed-length string of characters that looks random — is stored. This process is one-way, meaning that the hash can’t be reverse-engineered to reveal the original password. Therefore, even if a malicious party gains access to the database, they won’t be able to determine the users’ passwords from the hashes alone.

How Does Password Hashing Work?

The idea behind password hashing is relatively straightforward. Whenever a user sets or changes their password, a unique, fixed-length series of characters is generated from it using a cryptographic hashing algorithm, like SHA-256, bcrypt, or Argon2. This hash is stored in the database, and the user’s password is not kept or logged anywhere.

When a user attempts to log in, the password they enter is hashed again using the same algorithm. The resulting hash is compared to the stored hash associated with that user in the database. If the hashes match, the password is correct, and the user is granted access.
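The set-and-verify flow described above, as an added example that is not code from the original article. bcrypt and Argon2 need third-party packages, so it uses the Python standard library's PBKDF2-HMAC-SHA256 with a per-user random salt; the iteration count, the in-memory `USERS` store and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # assumed work factor for this example; tune to your hardware
USERS = {}            # in-memory stand-in for the users table (constructed)
# Placeholder record so unknown usernames cost the same work as known ones.
_DUMMY = {"salt": b"\x00" * 16, "iterations": ITERATIONS, "hash": b"\x00" * 32}


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Derive a 32-byte hash with PBKDF2-HMAC-SHA256 (deliberately slow)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def set_password(username: str, password: str) -> None:
    """Store salt, iteration count and hash; the password itself is never kept."""
    salt = secrets.token_bytes(16)  # fresh random salt per user
    USERS[username] = {
        "salt": salt,
        "iterations": ITERATIONS,
        "hash": hash_password(password, salt),
    }


def verify_password(username: str, attempt: str) -> bool:
    """Re-hash the login attempt with the stored parameters and compare."""
    record = USERS.get(username, _DUMMY)
    candidate = hash_password(attempt, record["salt"], record["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, record["hash"])
    return matches and username in USERS


def fast_unsalted_sha256(password: str) -> str:
    """Weak form for contrast: a single fast SHA-256 pass with no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    set_password("alice", "password")  # constructed sample accounts
    set_password("bob", "password")
    print("alice logs in:", verify_password("alice", "password"))
    print("wrong password:", verify_password("alice", "passw0rd"))
    # Same password, no salt: identical digests reveal the reuse.
    print("unsalted equal:", fast_unsalted_sha256("password") == fast_unsalted_sha256("password"))
    # Same password, per-user salt: stored hashes differ.
    print("salted equal:", USERS["alice"]["hash"] == USERS["bob"]["hash"])
```

Storing the salt and iteration count next to the hash lets the work factor be raised later without invalidating existing records.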

Salt in the Wound: Adding Extra…
