You're Probably Storing Passwords Incorrectly

@Bob Armour - wow, you don’t get it 3 times as much as you thought you didn’t :wink: However, I think the idea is that the salt is “randomly generated vs. a dictionary word” rather than “randomly generated per database row”, otherwise there’s definitely an issue - you have to store the salt generated for each row.

@Jrn Zaefferer, Scott - Hashing passwords definitely stops the system from ‘remembering’ your password, however there are many 2-way encryption techniques that use a private key to turn a recognisable phrase into something effectively random for storage and back again when required. HTTPS is a prime example of this. Of course, you then need to ramp up the security on the private key