When we register on a website or application, we are almost always asked to choose a password to protect our account. But what happens to that password after we enter it in the registration form? Does the site store it as is? Fortunately not.
Storing passwords in clear text (i.e. readable as they are entered) would be extremely dangerous, because in the event of a data breach, anyone could see the user credentials. That's why there's a much safer system: hashing.
🔍 What is hashing?
Hashing is a process that takes a sequence of characters (such as a password) as input and transforms it into a string of fixed, predefined length, which represents the digital fingerprint (or digest) of the original data. This process is irreversible: it is not possible to trace the original password from the hash.
A concrete example:
- Password: MyDog123!
- Hash (using SHA-256): e07a32a7b038abc7c2f1571bb5cbb3ff0551592d65fc8931ac42125df7f2536e
This seemingly random string is what the site stores in its database, not your original password.
🔄 How does saving your password work?
When you register:
- You enter your password in the form.
- The site hashes your password.
- The hash is stored in the database.
- The original password is never saved or sent over the Internet in clear text.
A "salt" is also often used, which is a random value added to the password before hashing, to increase security against so-called "precomputed" or "rainbow table" attacks.
✅ And during login?
When you enter your password to log in:
- The site does not directly compare it with the value in the database.
- Instead, it applies the same hash function to the password you just entered.
- Then it compares the resulting hash with the one already stored in the database.
- If the two hashes match, access is authorized.
🧠 Why is hashing secure?
- It is deterministic: the same password will always produce the same hash.
- It is irreversible: you cannot "unscramble" a hash to find the original password.
- It is fast, but modern algorithms like bcrypt or Argon2 are also designed to be computationally expensive, making brute-force attacks more difficult.
- By using salt, it is guaranteed that even two users with the same password will have different hashes.
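The registration and login steps above, with a per-user salt and a deliberately expensive hash, as an added example (not code from the original article). It uses scrypt from Python's standard library as a stand-in for bcrypt or Argon2; the function names, the in-memory `db` dictionary, the user names and the cost parameters are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Assumed scrypt cost parameters for this example; tune them for your hardware.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1

def unsalted_sha256(password: str) -> str:
    """Fast, unsalted digest: equal passwords always give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def slow_hash(password: str, salt: bytes) -> bytes:
    """Salted, deliberately expensive hash (scrypt, about 16 MiB per call)."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt,
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)

def register(db: dict, username: str, password: str) -> None:
    """Store only the random salt and the hash, never the password itself."""
    salt = os.urandom(16)
    db[username] = (salt, slow_hash(password, salt))

def login(db: dict, username: str, password: str) -> bool:
    """Re-hash the submitted password with the stored salt and compare."""
    record = db.get(username)
    if record is None:
        slow_hash(password, b"\x00" * 16)  # keep timing similar for unknown users
        return False
    salt, stored = record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(slow_hash(password, salt), stored)

def demo() -> dict:
    """Constructed sample data: two users who chose the same password."""
    db = {}
    register(db, "alice", "MyDog123!")
    register(db, "bob", "MyDog123!")
    return db

if __name__ == "__main__":
    db = demo()
    print("same stored hash:", db["alice"][1] == db["bob"][1])
    print("alice logs in:", login(db, "alice", "MyDog123!"))
    print("wrong password:", login(db, "alice", "mydog123!"))
```

Because each record carries its own salt, an attacker who obtains the database cannot tell that the two users share a password, whereas `unsalted_sha256` would give both the same digest.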
🧭 Login Process Flowchart
Here is a diagram that clearly shows the password verification process during login:
[Figure: Password check process]
🧩 Conclusion
When you register on a site, your password is never saved in clear text, but transformed using a hashing function. During login, the system does not need to know your original password: it just needs to verify that its hash matches the one saved.
This method protects your privacy and data, even in the event of a database breach. For this reason it is always advisable to use strong and unique passwords for each service.
Official site: www.techelopment.it