How hash cracking may affect your business
Hashing is a one-way transformation, often described as one-way encryption. In information security, passwords are recommended to be stored in a hashed format so that applications or systems can verify that the correct password was entered without actually storing the password itself. Running a password through a hashing algorithm converts it into a random-looking string of numbers, letters and/or symbols. The hash cannot simply be reversed to recover the original text, which makes the password harder to steal.
When a user sets their unique password, the system scrambles it into a ‘hash’, and the hash is saved on the system instead of the actual password. When the user logs in, the password they enter is hashed the same way and compared with the stored hash. Some servers’ hashing mechanisms, though, are far too simple and do not do a very good job of protecting these hashes.
An attacker can crack the hashes taken from a database that has been breached and obtain a list of real passwords. A list of candidate passwords is first converted into hashes and used as a reference when attempting to match identical hashes. When an identical hash has been found, the attacker knows what the actual password is and can gain access to that particular user’s confidential information.
Like everything else, hashing is not impossible to defeat. Several methods of attacking hashes exist, such as using rainbow tables, transmitting hashes directly, etc. Password security is a problem that affects everyone, and the main reason is weak passwords. Maintaining a strong password protection strategy in your business will help to ensure that your critical data remains safe.
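The difference between a too-simple hashing scheme and a salted, deliberately slow one can be seen in the following added example, which is not part of the original article. With unsalted hashing, identical passwords produce identical stored hashes, which is what makes reference lists and rainbow tables effective. The account names, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

# Constructed sample accounts (not real data); two users share a password.
SAMPLE_USERS = {"alice": "Summer2024", "bob": "Summer2024", "carol": "x9!Lq#72vTz"}

def weak_hash(password: str) -> str:
    """Unsalted, single-pass hash: the 'far too simple' kind of scheme."""
    return hashlib.sha256(password.encode()).hexdigest()

def strong_hash(password: str, iterations: int = 600_000) -> dict:
    """Random per-user salt plus a slow derivation (PBKDF2-HMAC-SHA256).
    The iteration count is an assumed work factor; tune it to your hardware."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify(password: str, record: dict) -> bool:
    """Re-derive with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    return hmac.compare_digest(candidate, record["digest"])

def shared_hashes(table: dict) -> list:
    """Audit helper: groups of users whose stored hash values are identical."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables(users: dict) -> tuple:
    """Store the same accounts under both schemes for comparison."""
    weak = {u: weak_hash(p) for u, p in users.items()}
    strong = {u: strong_hash(p) for u, p in users.items()}
    return weak, strong

if __name__ == "__main__":
    weak, strong = build_tables(SAMPLE_USERS)
    print("weak scheme, shared hashes:", shared_hashes(weak))
    print("salted scheme, shared hashes:",
          shared_hashes({u: r["digest"] for u, r in strong.items()}))
    print("alice login ok:", verify("Summer2024", strong["alice"]))
```

Running the audit helper against a real credential table is a quick way to tell whether the stored hashes are unsalted.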