From the course: Master Next.js by Building Scalable Apps with Routing, Databases, and Performance


RQ: Implementing hashing


What are the reasons for storing hashed passwords in the database? There are many security reasons for storing the hashed or encrypted password in the database. Let's say we are storing the password as plain text: if an attacker or unknown user gains access to the database, they might misuse those credentials to attempt fraud. There are many cyber attacks made to breach passwords, like brute-force attacks, phishing attacks, man-in-the-middle attacks, etc. So we have to secure the user's password by hashing to prevent such kinds of cyber attacks. In case credentials are leaked, the attacker cannot use those hashed passwords. To get an actual password, they have to decrypt them with the unique key, which is known as the salt. Without the salt, they cannot decrypt the passwords. So, the best practice is to store the hashed or encrypted passwords in the database and use algorithms like bcrypt, SHA-256, HMAC, PBKDF2, Argon2, etc. Explain the steps for hashing and…
