Hashing

You should store user passwords as strong, cryptographic hashes.

Storing user passwords as plain text will result in a massive security breach if your database is compromised. To reduce this risk, store only the hash digest of each password. When a user authenticates, re-compute the hash and compare it with the stored hash.

Be sure to salt your passwords hashes too.

import bcrypt

password = "ab9bb555-afc4-49f0-94cb-e58765e5693b"
salt     = bcrypt.gensalt()

# This is the value you should store in the database.
hashed = bcrypt.hashpw(password, salt)

# This is how you check a password once a re-enters is.
if bcrypt.checkpw(password, hashed):
  print("Password entered correctly")

Further Reading

• Secure Password Hashing.