Have you ever seen a data hash? Many providers secure your passwords by storing them as hashes rather than as plain passwords. It might look like a mess at first. Take a look at the following hashes.
- 482c811da5d5b4bc6d497ffa98491e38
- cbfdac6008f9cab4083784cbd1874f76618d2a97
It does seem totally terrible, doesn't it? You would have no chance of remembering these as passwords, and most people would just give up if this is what they saw in a database. What does it even mean? If you saw such a hash next to an email address, you would not be able to log in with those credentials. Why? The values above are just hashes of the real password. When you type your username and password, the provider creates a hash of the password you entered and compares it with the stored hash. If they match, you are logged in.
But if you enter the hash itself as the password, a new hash is created from that hash, and it will not be equal to the one in the database. As a result, you will not be able to log in.
But let me return to the hashes again. They might seem terrible, but did you know that they are incredibly stupid? If you paste them into any hash cracker, you will see at once that they are the output of the MD5 and SHA1 hashing algorithms, and that behind both of them is the password "password123".
That is why, if you use such a password and the hash is leaked, anyone with some knowledge will be able to trace it back to your original password, and you will be in danger.
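The login check and the weak-password problem described above, as an added example that is not part of the original post. The function names and the five-entry common-password list are constructed for illustration; the two hashes are the ones shown on this page.

```python
import hashlib
import hmac

# The two hashes shown on this page.
PAGE_MD5 = "482c811da5d5b4bc6d497ffa98491e38"
PAGE_SHA1 = "cbfdac6008f9cab4083784cbd1874f76618d2a97"

# Hex digest length identifies the likely algorithm (32 -> MD5, 40 -> SHA-1).
ALGO_BY_HEX_LENGTH = {32: "md5", 40: "sha1"}

# Constructed sample list of common passwords (not taken from a real leak).
COMMON_PASSWORDS = ["123456", "qwerty", "letmein", "password123", "iloveyou"]


def guess_algorithm(stored_hash):
    """Return the likely algorithm name for a hex digest, or None."""
    return ALGO_BY_HEX_LENGTH.get(len(stored_hash))


def hash_password(password, algo):
    """Unsalted hash of a password, as used for the hashes on this page."""
    return hashlib.new(algo, password.encode("utf-8")).hexdigest()


def verify_login(typed, stored_hash):
    """Hash what the user typed and compare it with the stored hash."""
    algo = guess_algorithm(stored_hash)
    if algo is None:
        return False
    return hmac.compare_digest(hash_password(typed, algo), stored_hash)


def audit_hash(stored_hash, wordlist=COMMON_PASSWORDS):
    """Return the common password behind stored_hash, or None if not listed."""
    algo = guess_algorithm(stored_hash)
    if algo is None:
        return None
    for candidate in wordlist:
        if hmac.compare_digest(hash_password(candidate, algo), stored_hash):
            return candidate
    return None


if __name__ == "__main__":
    for stored in (PAGE_MD5, PAGE_SHA1):
        print(guess_algorithm(stored),
              "| password accepted:", verify_login("password123", stored),
              "| hash typed as password accepted:", verify_login(stored, stored),
              "| found in common list:", audit_hash(stored))
```

Typing the stored hash into the password field fails because it is hashed again, while the unsalted hash of a common password is matched by a plain list comparison.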
Would you like to learn more about all of this and how it works? I have just published an article in the IP address Guide dealing with what to do if your password hash has been leaked. I definitely recommend that you take a look at it.