A password hash is a hash digest of a password obtained using a one-way hashing algorithm (not to be confused with [password-encryption]).

- Stackoverflow.com Wiki
3 articles, 0 books.

The recent Ashley Madison hack has shown how to make your originally safe password hashing useless. Many passwords have already been decrypted that way, and it again turns out that most passwords are super simple and predictable. It shows that even if the passwords hadn’t been cracked, hackers could still run word-lists on the hashes and get access to the accounts easily. Always choose a strong password and use it only once.

If you’re hashing your passwords with bcrypt/scrypt/PBKDF2 today, there’s nothing to worry about in the immediate future. This article is for you if you’re choosing a password hash today and want a future-proof solution.

All passwords should be hashed before entering a database because you have to consider the scenario where some malicious user attempts to gain entry into your data. Passwords are sensitive pieces of information that you don't want people to see.