How do websites really store passwords?
Reputable websites do not store passwords in plain text, but rather as hashed values with additional protection mechanisms such as salt and modern password hashing procedures.
Why websites don't need passwords in plain text
A service doesn't need to be able to read your password to log you in. It only has to check whether the password you enter matches the evidence it stored earlier.
That's why passwords are ideally not stored reversibly, but rather converted into secure comparison values using suitable procedures.
The usual safe procedure
- When the password is set, a random salt is generated, combined with the password, and a hash is computed.
- It is not the password itself that ends up in the database, but only the value derived from it plus the necessary metadata.
- When you log in, the same process is executed again and compared with the stored hash.
Where implementations fail
Problems arise when applications use outdated algorithms, cost parameters set too low, or even reversible storage. A database leak then becomes significantly more dangerous.
From a user perspective, this is another reason never to reuse passwords. Even if one provider's implementation is poor, the damage then stays contained to that account instead of spreading to others.
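The three-step procedure above (salt, derive, compare) and the "where implementations fail" case together, as an added example that is not from the original page: it uses Python's standard-library PBKDF2-HMAC-SHA256 (Argon2 or scrypt would be preferable in production, but need a third-party package or OpenSSL support), stores only a self-describing record of algorithm, iteration count, salt and derived value, verifies in constant time, and flags records whose parameters fall below the current policy so they can be upgraded at the next successful login. The record format, the iteration count and the legacy MD5 sample are constructed assumptions for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Constructed policy for this example: PBKDF2-HMAC-SHA256, 600k iterations, 16-byte salt.
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000
SALT_BYTES = 16


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """Step 1+2: salt the password, derive a hash, and return the only thing that
    goes into the database: 'algorithm$iterations$salt_b64$hash_b64'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)          # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Step 3: rerun the same derivation with the parameters recorded in the stored
    value and compare in constant time. The plaintext is never stored or needed."""
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
    except ValueError:
        return False                            # malformed or foreign record
    if algorithm != ALGORITHM:
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, min_iterations: int = ITERATIONS) -> bool:
    """Failure-mode check: True if the record uses an outdated algorithm (e.g. a legacy
    unsalted MD5 entry) or fewer iterations than the current policy requires."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return True
    return int(parts[1]) < min_iterations


def login(users: dict, username: str, password: str) -> bool:
    """Simulated login against an in-memory user table (constructed). On success,
    a record that no longer meets policy is transparently re-derived and replaced."""
    stored = users.get(username)
    if stored is None or not verify_password(password, stored):
        return False
    if needs_rehash(stored):
        users[username] = hash_password(password)
    return True


if __name__ == "__main__":
    # Constructed sample data: one record derived with a too-low iteration count.
    users = {"alice": hash_password("correct horse battery staple", iterations=1_000)}
    print("weak record before login:", needs_rehash(users["alice"]))
    print("login ok:", login(users, "alice", "correct horse battery staple"))
    print("weak record after login:", needs_rehash(users["alice"]))
    # A legacy unsalted MD5 record (constructed) is rejected for login and flagged.
    legacy = "md5$5f4dcc3b5aa765d61d8327deb882cf99"
    print("legacy verifies:", verify_password("password", legacy),
          "| legacy needs rehash:", needs_rehash(legacy))
```

Because the salt is random, two users with the same password end up with different stored records, and the record carries its own parameters, so the policy can be raised later without invalidating existing logins.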
Quick checklist
The most important actions from this guide in compact form.
- Only use modern password hashing procedures in your own projects.
- As a user, use strong, unique passwords, because you never fully control how a server stores them.
- Check old accounts regularly and update them if you are unsure.
Common questions
Create a strong password now
Use the Zenkey.click generator to create a strong random password or a secure passphrase right away.