Securing Passwords in User Authentication

Jae Jeong - Oct 4 - - Dev Community

Introduction

When passwords are saved as plaintext, there is a huge risk of the password being exposed in a data breach. In order to make it difficult for hackers from obtaining such data, password hashes and salting are concepts used in securing passwords.

Password Hashes

A password hash is a string of fixed length that is generated by a hash function from a password. Hashing transforms a given password into a unique representation that is stored in place of a plaintext password. Hashing is a one-way operation which makes it difficult for hackers to reverse-engineer the original password. An analogy for the hashing process is making a smoothie. All the ingredients can be blended into a smoothie, but the process cannot be reversed to obtain fruits from a smoothie.

Salting

A salt is a random string added to the password before it is hashed. Each password has a unique salt. Salting prevents attackers from using precomputed hash tables (also known as rainbow tables) to crack passwords. This means that even if two users have the same password, their hashed passwords will be different because each has a unique salt.

Bcrypt

Bcrypt is a popular library that is used to secure user passwords. It utilizes hashing and salting through a cryptographic algorithm to scramble a user's password into a unique string. Whenever a user logs in, the inputted password is re-hashed with the unique salt and compared to the stored password.

Using Bcrypt in Python 




import bcrypt



# Hash Function

def hash_password(password):

    # Generate a salt

    salt = bcrypt.gensalt()




<span class="c1"># Hash the password with the salt






    Enter fullscreen mode
    


    Exit fullscreen mode
    









    hashed_password = bcrypt.hashpw(password.encode("utf-8"), salt)




<span class="k">return</span> <span class="n">hashed_password</span>






    Enter fullscreen mode
    


    Exit fullscreen mode
    









# Example Usage

password = "password"

hashed = hash_password(password)

print(hashed)

# returns $2b$12$zN6GSrAJGHu5ERqjHQUBOugzdHwLpR7jOiTwGE.G0LEv8.OxBNREm
Enter fullscreen mode Exit fullscreen mode




Conclusion

Plaintext passwords are a huge risk in data breaches. Password hashing and salting are crucial in maintaining user security. Bcrypt is a popular library used to secure passwords. Other popular libraries include scrypt or Argon2.

Image
Master Core Spring Boot Concepts: Inversion of Control, Dependency Injection, and Your First Spring Boot Application

java, springboot, dependencyinversion, restapi
Image
The Future of Transportation: A Comprehensive Analysis of the Robotaxi Market
Image
Welcome to Cycle Labs - Innovating the Future of Performance

webdev, javascript, beginners, programming
Image
Looking for your APIs
Image
How the Ruby Repository Masters Fast Merges: Cutting Corners or Genius Efficiency?

ruby, opensource, development, softwaredevelopment
Image
Generate Avatars with Initials Using UI Avatars

webdev, avatars, api, wordpress
Image
Archivo .env para las variables de entorno en Python

python, security, api, spanish
Image
Discover the Power of Julia with "Think Julia" 🚀

getvm, technicaltutorials, programming, tutorial
Image
Hire WordPress Developers: Build a Custom High-Performance Website for Driving Success
Image
Why High Performance Hosting is Crucial for Your Business Website
Image
Game vs. App Testing: A Comparative Guide

gamedev, mobile, testing, programming
Image
Kepala Bergetar
Image
Are you looking for a Ruby On Rails Developer to build your new web app?

ruby, rails, webdev, development
Image
Authentic GSEC Dumps First Attempt Guaranteed Success in GIAC GSEC Exam
Image
CI/CD pipeline

cicd, docker, kubernetes, gitlab
Image
Improving Water Heater Power Disaggregation with Limited Data: A Practical Approach

power, disaggregation, python, tutorial
Image
Token Bucket Algorithm: An Essential Guide to Traffic Management

webdev, javascript, programming, tutorial
Image
How Upwork Can Serve As An Inspiration For Product Development
Image
Guide to Image Upscaling: Exploring GANs, Diffusion Models (LDSR), and OpenCV Methods

computervision, machinelearning, ai, python
. . . . .
Terabox Video Player