In using Firebase Authentication for let's say a website where you can register/login, are the passwords already encrypted? The account of the user will be saved in the Firestore but it will only show the name and email of the user, the passwords are not shown in the firestore.
Asked
Active
Viewed 1,281 times
2 Answers
2
Yes the passwords are encripted by Firebase and you can't view them.
Tarik Huber
- 7,061
- 2
- 12
- 18
-
Firebase uses [Scrypt](https://firebase.google.com/docs/reference/admin/java/reference/com/google/firebase/auth/hash/Scrypt) for encryption – Dharmaraj Apr 23 '21 at 14:16
2
Firebase Authentication uses an internally modified version of scrypt to hash account passwords. Even when an account is uploaded with a password using a different algorithm, Firebase Auth will rehash the password the first time that the account successfully logs in.
- Accounts downloaded from Firebase Authentication will only ever contain a password hash if one for this version of scrypt is available, or contain an empty password hash otherwise.
Here is the Scrypt uses by firebase to hash password
Krishna Sony
- 1,286
- 13
- 27