When practicing new concepts, we might store plaintext passwords in a local database, but this is incredibly insecure. One should never do this in a production environment. Sensitive Data Exposure is one of OWASP's Top Ten security risks to web applications for a reason! Instead, you should hash passwords before storing them in a database in order to protect your users from being hacked.

There are plenty of cryptographic hashing functions to choose from, such as the SHA-3 or MD5 algorithms. SHA-3 and MD5 are known to be quite fast. Unfortunately, the faster the function, the faster a hacker can recover a password from its hash through brute-force guessing. So, using a function that is deliberately slow at hashing passwords can actually protect your users.

We can accomplish this by using the bcrypt algorithm and library. Using bcrypt, we can protect our users by hashing and salting passwords: the salt is a random value combined with each password, so two users with the same password get different hashes. bcrypt also takes a configurable number of rounds (its cost factor); using multiple rounds of hashing ensures that an attacker must deploy massive funds and hardware to be able to crack your passwords.


Press "Next" to move on to the next exercise!
