IndustriesWorkPlaybookHow it worksAboutBook a systems auditBring us your idea

How do I protect customer passwords?

Straight answer

You protect customer passwords by never storing the actual password. Passwords should be hashed, turned into an irreversible scramble, so even you cannot read them. The safest path is to let an established authentication service handle this rather than building it yourself, because getting password storage right is easy to get subtly and dangerously wrong.

Information current as at 5 July 2026

If your app has customer logins, you are holding the keys to their accounts, and passwords are the most sensitive thing to get wrong, partly because people reuse them everywhere. Mishandle them and a breach of your app becomes a breach of your customers' other accounts too. The good news is that the safe approach is also the one that asks less of you: do not build this yourself.

Plain English
Hashing
Turning a password into an irreversible scramble, so the original cannot be recovered.
Salt
Random data added before hashing so identical passwords do not produce identical results.
Plaintext
A password stored as readable text, the dangerous mistake to avoid entirely.
Authentication service
A specialist service that handles logins and password storage securely for you.

The cardinal rule: never store the real password

The most important thing to understand is that you should never store the actual password a customer types. If your database holds passwords as readable text, called plaintext, then anyone who reaches that database, through a leak, a bug, or an exposed key, instantly has every customer's password. And because people reuse passwords, that is not just a breach of your app, it is a breach of their email, their banking, their everything. A properly built system never keeps the real password at all. It keeps only a one-way transformation of it, so that even you, the owner, cannot read your customers' passwords. If you can retrieve a customer's password to tell it to them, your system is doing it wrong.

What hashing is, and why it works

The technique that makes this possible is hashing. Hashing runs the password through a one-way function that turns it into a fixed scramble, from which the original cannot be worked back out. When a customer sets a password, you store only the hash. When they log in, you hash what they typed and compare it to the stored hash: if they match, the password was right, and you never had to keep the real thing. A crucial refinement is a salt, random data mixed in before hashing, so that two people with the same password get different hashes and pre-computed attack lists do not work. Done properly, even someone who steals your entire database cannot reverse the hashes back into passwords in any reasonable time. Done improperly, with a weak method or no salt, the protection is far thinner than it looks.

No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Why you should not build this yourself

Here is the honest advice: do not implement password storage from scratch, and be wary of an AI builder that did. Getting it right requires the correct hashing method, proper salting, sensible handling of resets and sessions, protection against automated guessing, and more, and the failure modes are subtle. An app can appear to log people in perfectly while storing passwords in a way that would collapse under a real breach. This is a solved problem best left to specialists. The safe path is to use an established authentication service, which handles hashing, salting, resets, and the rest correctly by default. Building it yourself, or trusting that a generated login did it right without checking, is where apps quietly acquire a dangerous weakness.

How to check yours and do it safely

To see how your app handles passwords, look at where they are stored. If you can open your database and read a customer's password as text, that is plaintext storage and it is a serious problem to fix urgently. If instead you see long scrambled strings, hashing is happening, though whether the method is strong is a deeper question. The most reliable answer is to route logins through an established authentication service and confirm your app is not keeping a copy of the raw password anywhere, including logs. Alongside that, encourage strong passwords, offer two-factor authentication to customers, and never email a password in readable form. If your app was built quickly and you are unsure how passwords are stored, that uncertainty is worth resolving before you have many accounts, because retrofitting safe password handling after a breach is far harder than getting it right first.

Common questions

Questions, answered

How do I know if my app stores passwords safely?
Look in your database. If you can read a customer's password as plain text, that is unsafe and urgent to fix. If you see long scrambled strings instead, hashing is happening. The safest answer is to use an established authentication service and confirm the raw password is never stored anywhere, including logs.
What is wrong with just storing passwords so I can help users who forget?
Everything. If you can read a customer's password, so can anyone who reaches your database, and because people reuse passwords, that breach spreads to their other accounts. A proper system never stores the real password. For forgotten passwords, you send a reset link, not the old password, which you should not be able to see.
Should I build the login system myself?
No. Password storage is a solved problem with subtle failure modes, and an app can appear to work while storing passwords dangerously. Use an established authentication service that handles hashing, salting and resets correctly by default. Building it yourself, or trusting an unchecked generated login, is where hidden weaknesses creep in.
What is hashing, in one sentence?
Hashing turns a password into an irreversible scramble, so you store only the scramble and can check a login by scrambling what was typed and comparing, without ever keeping the real password. Add a salt so identical passwords produce different scrambles. It means even a stolen database does not hand over usable passwords.
No pressure
Show us what you built.

If you have made something and it needs to become real, send it over. We will tell you honestly what it needs to be live, safe and yours, whether that is a quick fix you can do or a proper build. No obligation.

Start here

Two doors. Same senior team.

Whether you can name exactly what you want built, or you just know something is leaking, the next step is the same conversation.