How to store a password in a database

Hello, and welcome to today’s class on storing passwords in a database.

Don’t store passwords in a database.

Thanks for attending.

Photo by James Sutton on Unsplash.

4 thoughts on “How to store a password in a database”

  • Please excuse my ignorance: why not?
    If the application server encrypts the password & username first and the encryption algorithm is not known to the person looking in the DB, is this a serious security risk?
    Where, then, should passwords be stored?

    • I believe the unspecified reason is that you only encrypt something you intend to decrypt (like an SSN at tax time if your system is involved with those). If it can be decrypted then it’s insecure by definition. Instead, store hashes from which the original value cannot be retrieved – only compared for changes.
