
How to store a password in a database


Hello, and welcome to today’s class on storing passwords in a database.

Don’t store passwords in a database.

Thanks for attending.

Photo by James Sutton on Unsplash.

4 thoughts on “How to store a password in a database”

  1. Please excuse my ignorance: why not?
    If the application server encrypts the password & username first and the encryption algorithm is not known to the person looking in the DB, is this a serious security risk?
    Where, then, should passwords be stored?

    1. I believe the unspecified reason is that you only encrypt something you intend to decrypt (like an SSN at tax time if your system is involved with those). If it can be decrypted then it’s insecure by definition. Instead, store hashes from which the original value cannot be retrieved – only compared for changes.
