In the following post I try to explain to an average computer user how passwords are stored and why a company doesn't have to know your password but can still check if it's correct.
By far the worst way a company can store your password is as plaintext. That means they store the password as it is. They can access it at any time, and if their database gets hacked, the hacker also has access to your passwords. If you know that a company is storing your password in plaintext, stay away. You should not use this website or service anymore.
But how can you detect if someone stores your password as plaintext? Simple: if they ever show you your password during a reset attempt, they must have stored it as plaintext.
There is a whole website about this: http://plaintextoffenders.com/
If you are a service or company, you don't want to end up there.
How a plaintext login works:
If your password matches the password in their database, you can access the restricted section of the page. But anyone who has the database, including members of the company or hackers who steal it, can then access the restricted section of the page too.
No, not that stuff you smoke from time to time.
Hashing means turning a plaintext into a pretty random-looking text string.
For example the password "MyS3cre7Passw0rd" can be hashed to "E6EF1F534B085D8073704F64AB85540C3DA52C697ED97747F445E12F7FDEDC1A" using the SHA-256 hashing function.
You can try it yourself on my page:
The special thing about hashing is that it can't be reversed. That means you cannot go back from the hash to the originally entered text string.
How a hashed login works:
You enter your plaintext password, then it is sent through the hashing function, which hashes the password. Then the result is compared with the hashed password stored in the database. If it is the same, you entered the correct password; if not, you entered the wrong one.
Even if an attacker or employee now steals the password database, it's useless to them since they can't generate the passwords from the hashes. Simple but effective!
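The hashed login described above, as an added example in Python (not code from this post). It uses SHA-256 as in the post and goes one step further with a salted PBKDF2 variant; the user names, the in-memory dictionaries and the round count are assumptions made for the example.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # assumed work factor for this example; tune to your hardware

plain_db = {}   # username -> SHA-256 hex digest (the scheme the post describes)
salted_db = {}  # username -> (salt, PBKDF2 digest)


def sha256_hex(password):
    """Hash a password with plain SHA-256, as in the post."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def register(user, password):
    """Store only the hash; the plaintext is not kept anywhere."""
    plain_db[user] = sha256_hex(password)


def login(user, password):
    """Hash the attempt and compare it with the stored hash in constant time."""
    stored = plain_db.get(user)
    return stored is not None and hmac.compare_digest(stored, sha256_hex(password))


def register_salted(user, password):
    """Same idea, but with a random per-user salt and a deliberately slow hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    salted_db[user] = (salt, digest)


def login_salted(user, password):
    """Recompute the hash with the stored salt and compare in constant time."""
    record = salted_db.get(user)
    if record is None:
        return False
    salt, stored = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(stored, attempt)


if __name__ == "__main__":
    for name in ("alice", "bob"):  # constructed sample users sharing one password
        register(name, "MyS3cre7Passw0rd")
        register_salted(name, "MyS3cre7Passw0rd")
    print(login("alice", "MyS3cre7Passw0rd"), login("alice", "wrong"))
    print(plain_db["alice"] == plain_db["bob"])    # same password, same hash
    print(salted_db["alice"] == salted_db["bob"])  # salts make the records differ
```

With plain SHA-256, two users with the same password end up with the same stored hash; the per-user salt makes their stored records differ.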
If you have any questions, let me know! :)