encryption - How necessary is it to Encrypt database password field

Question

I heard that for security issues it is advised to keep the password field encrypted in the database.

In case of my website only I can access the database. And I have no problem with me viewing others passwords as per our web site policy.

Does this applicable to my website too OR there is some other security reason behind telling this.

Answer 1

The guidance is that nobody - not even the user themselves - should be able to see passwords, and that they should not be stored in the database in a way that allows them to be retrieved. This is because there are many ways in which this data can get lost - an administrator may print out a report, and leave it on their desk; an attacker might be able to use SQL injection to run database queries; someone may be able to break into your building and steal a backup tape.

Many customers use the same password on multiple sites - so if your sites is the weakest link, you may be exposing them to risks on other sites if they have re-used their passwords.

The recommendation is to use a cryptographic technique called "hashing", which takes the plaintext password and turns it into a meaningless string; there's no way to reverse the hash, which means that even if I stole the hashed password, I couldn't work out what the original, plain text was.

Hashing the same string twice gives the same hash - so when someone logs in, you hash their plaintext password, and compare it to the hash in the database.

The OWASP link provides further information on this topic, including "salting" the hash.