Purpose of password encryption
I was wondering why do web applications encrypt the passwords when saving them to the database? If someone has access to the database, he can change the password if he wants. Then why should we encrypt passwords?
In real world or in bigger organization security place a vital role. You can't assure that db can be accessed only by authorised person, ideally we won't store password in db , it should be stored in vault. But if we stored in db then it should be stored in a encrypted way. https://www.codeproject.com/Articles/425150/Beginners-guide-to-a-secure-way-of-storing-passwor
Normally when hacker hacks database he doesn't get full access to database. He can just read other user's data. If passwords will not be hashed then he can easily get passwords and can access whole data of that user. If hacker get full access to database like modifying it then he can change it. If he will change it then real user can easily recover it. And access by hacker will be lost. We have make everything as secure as possible.
@Nanda Balakrishnan Yes but the unauthorized person can easily change the password if he has access to the database
Yes tibi if they get access it gone , but organization has security team to avoid hacks , intruders, etc. https://www.clicdata.com/blog/5-ways-to-prevent-unauthorized-access-of-your-company-data/ Read above blog will help you out.