Get Started Book a Demo

Password Salting

6th May 2020 | Cybrary Password Salting


password salting cybrary term

Password Salting is a technique used to help protect passwords stored in a database from being reverse-engineered by hackers who might breach the environment. Password salting involves adding a string of between 32 or more characters to a password and then hashing it. Password salting is one of the most secure ways to protect passwords stored for future authentication without exposing them should your website be breached in the future. However, salted passwords must also be iteratively hashed multiple times for this protection to work. When salting and recursive hashing are employed, Rainbow Tables become useless for password cracking. 

Source: Techopedia

Additional Readings: 

How to Secure Your Website against Data Breaches

Bad News: LastPass Website Breach. Good News, you should be Ok (because they Salted and Hashed your Master Passwords)

Related Terms: Hashing, Rainbow Tables

What does this mean for an SMB?

Similar to the advice in CyberHoot’s Hashing and Rainbow Table articles, if you develop code that stores passwords in a database for authentication, you must salt and hash those passwords to protect your users. Not doing so is asking for a critical brand crushing breach. Beyond simply salting and hashing passwords before storage, you should also follow these guidelines for success.

  1. Make sure the salt isn’t too short and do not simply use the usernames of the password as your salts. Salts should be 32 characters or longer in length.
  2. Avoid using outdated hashing algorithms, such as MD5 and SHA1.
  3. Ensure you hash the salted passwords multiple times. For the average website, you’ll want to recursively hash 1000’s of times. If you’re like LastPass, storing the Master Password, you’ll need to perform 100,000 recursive hashes before storing the results for future comparison.
  4. Finally, the first and best prevention method is to educate your employees on the threats they face. Educating your employees on the cybersecurity basics can stop these attacks before they succeed.

To learn more about how Hashing works, watch this short 2 minute video:

Secure your business with CyberHoot Today!!!


Sign Up Now

Latest Blogs

Stay sharp with the latest security insights

Discover and share the latest cybersecurity trends, tips and best practices – alongside new threats to watch out for.

MongoBleed: Why 87,000 Databases Had Their Front Doors Wide Open (And How to Close Yours)
20th January 2026 | Blog

MongoBleed: Why 87,000 Databases Had Their Front Doors Wide Open (And How to Close Yours)

Remember Heartbleed? That security nightmare from a few years back that made everyone panic about their...

Read more
QR Codes Are Back (They Still Want Your Password)
13th January 2026 | Blog

QR Codes Are Back (They Still Want Your Password)

Remember 2020? We scanned QR codes for everything. Restaurant menus. Parking meters. That awkward moment at a...

Read more
AI-Powered Phishing Kits Are Game-Changing, In a Very Bad Way
6th January 2026 | Blog

AI-Powered Phishing Kits Are Game-Changing, In a Very Bad Way

Phishing emails used to be easy to spot. Bad grammar. Weird links. Obvious scams. Those days are...

Read more
Get Started All Posts