
Storing Passwords in Database securely
When a database stores our users' usernames and passwords, it is important to store them securely.
What are the possibilities?
1- Save the password as plain text -> Never do this :)
2- Encrypt (hash) the password and save it -> better and harder for hackers
3- Add a random salt and then hash it -> better than before
4- Add a pepper and a random salt, then hash -> the most secure option
I will use the bcrypt package (it is open source) to do the hashing here. This package is available from pip and npm.
Step 1: Installation
pip install bcrypt
For Ubuntu:
sudo apt-get install build-essential libffi-dev python-dev
Step 2: How to hash a password
import bcrypt

plain_text_password = "12345xyz"
hashed = bcrypt.hashpw(plain_text_password.encode('utf8'), bcrypt.gensalt(14))
First we need to make sure the string is encoded as 'utf8', and then we use hashpw to hash the password. The hashed password (hashed) can now be saved in the database for that specific user. I passed 14 to gensalt; this value is called the logarithmic work factor and…