In our modern digital world, passwords are an integral part of our daily lives. They allow us to safeguard our online accounts, protect sensitive information, and block unauthorized access. However, weak password security practices can put us at risk of identity theft, financial loss, and other security breaches. With recent high-profile data breaches and cyber attacks, it’s more important than ever to understand how websites and applications store and secure our passwords.
But before we dive into passwords, lets take a step back for a second to consider what the password storage timeline even looks like.
As users of any app or website, we are used to interacting with something we call the “frontend,” that is, the client-facing interface that allows somebody to post a picture, send a message, or update their login information. But, behind the scenes of any post or login is a huge network of moving parts that handle, process, and store all data being sent to and from the website which we refer to as the “backend.” This is the place where all data we put into a website lives such as our personal data and, yes, even our passwords!
So, when we create a new account or update any login information, what we are actually doing is sending an update to a database somewhere in the backend that stores some type of encoding of our passwords. While generally this private data remains untouched, the possiblity of a data breach has led companies to add extra safeguards and layers of security when it comes to safely storing data. With this, we’ll be exploring the three primary ways websites and applications store passwords - storing plain text, encryption, and hashing - so that you can better protect yourself and your personal information.