@vedard - eviltoast
  • 6 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 12th, 2023

help-circle









  • Passwords are always sent to the server, then it is hashed to check it against the value in the database. It’s also possible to view your password by inspecting login requests from other websites. TLS is used to secure it while in transit.

    Hashing is done as an extra measure of security in case the database is compromised. This measure of security would have been completely void if the server would accept password hash directly. You could log in as any user by using his compromised hash.