How to store a password in a database

by Randolph
July 31, 2019 | September 16, 2022

Hello, and welcome to today’s class on storing passwords in a database.

Don’t store passwords in a database.

Thanks for attending.

Photo by James Sutton on Unsplash.

Tags: encryption, passwords, Security

4 thoughts on “How to store a password in a database”

Sean Redmond
July 30, 2019 at 11:26 pm

Please excuse my ignorance: why not? If the application server encrypts the password & username first and the encryption algorithm is not known to the person looking in the DB, is this a serious security risk? Where, then, should passwords be stored?

randolph
July 31, 2019 at 12:26 am

They shouldn’t be stored anywhere. That’s the entire point. Encryption isn’t the answer.

Hannah Vernon
July 31, 2019 at 11:39 am

Perhaps a mention that hashing passwords, and storing the hash, if done correctly with a good salt, is ok.

Kit
July 31, 2019 at 11:59 am

I believe the unspecified reason is that you only encrypt something you intend to decrypt (like an SSN at tax time if your system is involved with those). If it can be decrypted then it’s insecure by definition. Instead, store hashes from which the original value cannot be retrieved – only compared for changes.