0

I am a new user for Firebase and I want to deepen it, but there is something I want to ask. I am making an Android mobile application that is connected with Firebase, here I use Firebase Authentication for the login and register system. what I want to ask is, does Firebase use hashing and salting to process passwords? and why firebase doesn't store authentication passwords.

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Nizar Nizar
  • 1

1 Answers1

1

When you use email and password authentication, Firebase stores salted hashes of the user password. It does not store the user password in cleartext.

Instead of explaining the reasons for not storing passwords in cleartext here (and probably fumbling a dozen times while doing so), I'll refer you to some good resources:

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
  • Thanks for the answer frank, if you say "Fired store hashes of the user password", is it stored in a system or does Firebase not store it? because I can't explain if someone asks me about it :( and I have tried to find out more, and found that firebase does not store passwords and firebase does one way hashing? Is that right Frank? – Nizar Nizar Dec 11 '18 at 03:26
  • Firebase indeed performs one-way hashing of the password with a salt. It stores the resulting hash, it does not store the password. There's really not a lot more to say about this. If this doesn't answer your need for information, I recommend you explain what you're trying to accomplish. As it stands, this feels like an [XY problem](http://meta.stackexchange.com/questions/66377/what-is-the-xy-problem), where we can typically help better if we know what you're actually trying to do. – Frank van Puffelen Dec 11 '18 at 03:42
  • Ok good then frank. I think I have enough explanation here, I apologize if I want to know more. thanks before frank :) – Nizar Nizar Dec 11 '18 at 03:55
  • oh one more frank, does the UID in Firebase Authentication have anything to do with the password or just as a marker for an account? – Nizar Nizar Dec 11 '18 at 03:58
  • They're unrelated. – Frank van Puffelen Dec 11 '18 at 04:28