In this article, you will learn some of the basics about password security and your role in keeping your users' passwords secure. By the end, you will be able to:
One of the first rules for users is: Never reuse the same password on multiple sites. Why? If a site you use stores passwords in plain-text and it’s ever leaked, that leaked password could allow unauthorized access to all of your other accounts where you reused it.
Conversely, one of the first rules for developers is: Never store passwords in plain-text. If a company does so, any developer with access to the production database could see user passwords. Even with good intentions (such as helping a user), this is still a major security risk.
Unfortunately, there have been many notable instances where large organizations stored passwords in plain-text. A well-known example involves Google, which announced in 2019 (despite generally following strong security practices) that a subset of enterprise accounts had their passwords stored in plain-text. This was quickly investigated and corrected, but it emphasizes why no one is immune to mistakes.
The standard for storing passwords securely involves both hashing and salting. Let’s focus on hashing first:
A hash function is a function that takes an input (e.g., a password) and returns an output (the “hashed” value). Two key properties:
Here’s a quick example in JavaScript (the body of the hash function is left abstract in the original; a SHA-256 digest stands in for it so the snippet runs):

    const crypto = require("crypto");

    function hashingFunction(input) {
      // Lots of hidden logic transforms the input into the output;
      // here a SHA-256 digest stands in for it (illustrative only,
      // not a password-hashing scheme).
      return crypto.createHash("sha256").update(input, "utf8").digest("hex");
    }

    const input1 = "password";
    const input2 = "newPassword";
    const input3 = "password"; // same as input1

    const hashedPasswords = [
      hashingFunction(input1), // e.g. "13p98oihgaskdhjf" (illustrative value)
      hashingFunction(input2), // e.g. "fh23984hdk1o3" (illustrative value)
      hashingFunction(input3)  // same output as input1's, because the input is identical
    ];
Notice that in this example input1 and input3 are the same, so the hashed output is identical, confirming the second property above. This also means that if one password is leaked and someone recognizes identical hashes, they might infer that two users have the same password. That’s why you should always choose passwords that are unique and unguessable.
Hashing passwords adds a layer of security because the stored hashed password can’t be easily converted back into the original text. If a database leak occurs and only hashed passwords are exposed, attackers have a harder time figuring out the real passwords.
However, hashing alone isn’t foolproof. With enough time or other weaknesses (like repeated or weak passwords), it’s still possible to guess what the original input was. That’s why it’s crucial never to expose even hashed passwords, and to strengthen your hashing with additional measures like salting.
You’ll learn more about salting soon, which further enhances security by preventing attackers from easily matching identical hashed passwords for different users.
By now, you should understand:
Remember, even as a user yourself, avoid reusing passwords and choose strong, unique ones. As a developer, hashing passwords is your responsibility—never store them in plain-text. You’ll delve deeper into how to bolster password security further using salting in upcoming lessons.