Why should you hash passwords?
Because if the database is leaked, plain-text passwords expose every user. People reuse passwords, so one leak breaks other accounts. Hashing turns passwords into irreversible strings, so a leak does not reveal the passwords.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Password Security Interview Questions and Answers
SHA-256 is a fast hash, not a password hash. Fast means brute-forcing a list of hashes is fast. bcrypt is slow on purpose and has a salt built in, making brute-force expensive.
A random value added to the password before hashing. It ensures two users with the same password get different hashes. Prevents rainbow table attacks. bcrypt and argon2 handle salting automatically.
Generate a random token, store its hash with a 15-min expiry, email a link with the raw token, verify the hash on reset, hash the new password, invalidate the token. Rate limit the request endpoint. Do not reveal if the email is registered.
Still have questions?
Browse all our FAQs or reach out to our support team
