How are my passwords stored?
Your passwords are hashed before being stored in our secure database. Before being hashed, they are salted, which makes attacks much harder. To log in, the user-provided password is hashed and compared with the saved hash of the true password in the database.
Hashing is a one-way procedure that converts your plain-text password into an unintelligible character string with seemingly no connection to your password. A given password is always converted to the same hash. The special properties of these hashes are that it is practically impossible to find a plain-text password if one knows only the hash, and that it is impossible to find two passwords that have the same hash. All those properties are of course mathematically proven.
Example: one possible hash of the password $@x8^R2F5~KT^N~:vLR7 would be
$2y$18$xjF0czKlPyc8nHOiq3.l7e8DoQdxlBxXU3UVvxnoHIMQDX8o3he8O
Please be aware that this definition has been strongly simplified.
The idea behind salting is to add a randomly generated character string to the password before hashing. This salt is of course also saved to the database and included in the hash calculation every time. That way, some randomness is added and attacks like rainbow-table attacks are mitigated.
Please be aware that this definition has been strongly simplified.
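The following is an added illustration of the hash-and-salt-then-compare flow described above; it is not the site's own code. The example hash on this page is in the bcrypt format, but this illustration uses PBKDF2-HMAC-SHA256 from Python's standard library so it runs without third-party packages. The record layout (algorithm, iteration count, salt and hash joined with "$"), the iteration count and the salt length are assumptions chosen for the illustration, not the site's actual settings. The comparison during login is done with hmac.compare_digest so that its running time does not depend on where the first differing byte is.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this illustration only (not the site's real settings).
ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Salt and hash a password; return a self-describing record.

    Record layout (assumed for this example): algorithm$iterations$salt$hash,
    with salt and hash base64-encoded. The salt is stored alongside the hash
    so that the same computation can be repeated at login time.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare it to the stored hash.

    Returns False for malformed records and for unknown algorithms instead of
    raising, so a corrupted database row cannot crash the login path.
    """
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        iterations = int(iterations)
    except ValueError:  # wrong field count, bad base64 or non-numeric count
        return False
    if algorithm != ALGORITHM:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # Constant-time comparison: timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


def salt_makes_hashes_differ(password: str) -> bool:
    """Two records for the same password differ because each gets its own salt.

    This is the property that defeats precomputed (rainbow-table) lookups:
    an attacker would need a separate table per salt value.
    """
    return hash_password(password) != hash_password(password)


if __name__ == "__main__":
    sample = "correct horse battery staple"  # constructed sample password
    record = hash_password(sample)
    print("stored record:", record)
    print("login with right password:", verify_password(sample, record))
    print("login with wrong password:", verify_password("wrong password", record))
    print("same password, different salts:", salt_makes_hashes_differ(sample))
```

Because the salt is part of the stored record, nothing secret is needed to verify a login beyond the password the user types; the record can be re-hashed with a higher iteration count later by reading the count from the record itself.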