[WEBINAR] The New Normal: Dealing with the Reality of an Unsecure World

How can passwords be stored securely in a database?

Q: How can passwords be stored securely in a database?
A: The issue of storing passwords in a database is one that requires looking closely at data encryption and security protocols that will stop these valuable pieces of data from being hacked or stolen. Experts have come up with some fairly reliable standards for keeping stored passwords in a database more secure.

In addition to principles and strategies for password protection, it helps to promote the use of relatively strong passwords that resist easy guesses by hackers. In addition, engineers and administrators must look at the vulnerability of traffic coming into or out of a database, to prevent different types of password theft.

One fundamental part of password security, in terms of database storage, is called a hash function. A hash function is a complex function that changes a text password into a more complex set of characters by using more complex operations than a familiar mathematical operation such as multiplication. Using hashes and hexadecimal formats can help those who are storing passwords on a database to confuse hackers. Hashes are also used to substitute shorter character strings for longer ones to make data storage and retrieval more efficient.

Another critical aspect of password storage encryption is often called "salt." The principle of salting passwords involves creating additional characters after a text string that are not part of the actual data being stored, but are just useless and insignificant symbols that help to disguise a password. Some refer to salt characters as "noise."

Using complex values and salt, and keeping different types of password keys in strategic places, can help to encrypt the passwords that are stored on a database. Processes for encryption are always evolving, and new technologies could provide additional opportunities for storing valuable data in secure ways. Professionals often use these emerging standards as a reference. For instance, as the technology Pretty Good Privacy (PGP) (which uses hashes) emerged in the early 1990s, it became a standard for encryption.

Have a question? Ask Techopedia here.

View all questions from Techopedia.

Techopedia Staff
Profile Picture of Techopedia Staff

At Techopedia, we aim to provide insight and inspiration to IT professionals, technology decision-makers and anyone else who is proud to be called a geek. From defining complex tech jargon in our dictionary, to exploring the latest trend in our articles or providing in-depth coverage of a topic in our tutorials, our goal is to help you better understand technology - and, we hope, make better decisions as a result. 

 Full Bio
Free Whitepaper: The Path to Hybrid Cloud
Free Whitepaper: The Path to Hybrid Cloud:
The Path to Hybrid Cloud: Intelligent Bursting To Amazon Web Services & Microsoft Azure
Free E-Book: Public Cloud Guide
Free E-Book: Public Cloud Guide:
This white paper is for leaders of Operations, Engineering, or Infrastructure teams who are creating or executing an IT roadmap.
Free Tool: Virtual Health Monitor
Free Tool: Virtual Health Monitor:
Virtual Health Monitor is a free virtualization monitoring and reporting tool for VMware, Hyper-V, RHEV, and XenServer environments.
Free 30 Day Trial – Turbonomic
Free 30 Day Trial – Turbonomic:
Turbonomic delivers an autonomic platform where virtual and cloud environments self-manage in real-time to assure application performance.


  • Being digital should be of more interest than being electronic.
    - Alan Turing, 1947