In the previous post, we spoke about biometric authentication. Let's look today on another member of the triad. Let it be "something I know". The most common mechanism here is the password.

In a nutshell, it works in the following way. When I register somewhere, I give them my name (unique of course) and password. They put it in the table in one row. Next time I come, they ask me for a name and a password. If what I entered matches to what they have (only I know the password), my identity is confirmed.

I want to learn with you toady one spell that helps to keep passwords unknown to everyone except you, even if someone gets access to that table. By the way, who can have access to the table? Developer, administrator, so it is not a rare case. More often, that is something common.

Meet Hash. He said that he is from "qwerty". 65e84be33532fb784c48129675f9eff3a682b27168c0ea744b2cf58ee02337c5.

The magic here is that

• Hash is unique to your password

• It is easy to calculate a hash from your password and almost impossible to do another way around.

That is the most important thing to know about hash.

Does anyone store password in plain text? No. In fact, only your name and hash from your password are stored in that table. If anyone goes there, s/he will find there a string like you see above. S/he cannot guess your password from it.

It so essential, but even some blue-chip companies do not follow this rule. And they are screwed up when that table leaks.