Plaintext vs. Encrypted

Stay Safe March 24, 2022
an image of a simplified encryption process. on the left, plaintext password heading. there are three examples of plaintext passwords: fr0ntde$k, D@v!d0op57, and thi5myP@s5w0r6. in the center an arrow with "hashing process" above it. on the right, encrypted password heading with three examples below it. these examples are sets of capital letters and numbers, five for each character of the password.


Plaintext vs. Encrypted

If you’ve found yourself here, it’s likely that one of your passwords was involved in a data breach and you want a little more information on what that means and how freaked out you should be. Don’t worry! (Well, maybe worry a little bit if it’s the one and only password you use all over the internet.) The difference really comes down to whether the company encrypted your password or not.

Now, It’s easy to get in the weeds and accidentally stay up until 3 am researching encryption around passwords, trust me. In this post, we’ll cover some of the high-level information you need to better understand how risky a plaintext password breach is versus an encrypted password breach and what you can do about it.

Plaintext Password

Plaintext (or cleartext) is a password format that is stored without encryption. It is easily understood, read, and used by other humans and machines. A plaintext password is what you type when you fill in the “password” field of a login page. 

A plaintext password is the combination of letters, numbers, and symbols that you type into the password field.

This is the most unsecure way for a password to be stored, and yet, is still utilized by many companies. 

In InstantAlly, if your “password” has been compromised, you are much more susceptible to additional breaches. These are also considered “exposed” passwords. Plaintext passwords are the easiest for fraudsters to test and use to access additional accounts.

Encrypted Password

An encrypted password means that your password is stored in a way that makes it difficult to understand and use for fraudulent purposes. 

You enter your plaintext password for a site, it is encrypted by the organization, and then stored in that encrypted form. Fraudsters must use decryption techniques to uncover your real password.

An encrypted password is a combination of coded letters and numbers (typically) that come out of an encryption process called “hashing” that is not understandable, or decryptable, without a key.

Different encryption methods vary in complexity. “Hashing” is at the core of most password encryption. Hashed passwords are, essentially, your password passed through an algorithm to make it unreadable and difficult to decrypt without the organization’s key. 

Is this a more secure way to store passwords? Absolutely. Is it the be-all and end-all of password security? Of course not. Fraudsters have the time, knowledge, and technology to decrypt encrypted credentials. This is why it’s critical to not use the same password across multiple sites.  

To truly wrap your head around it, consider the humble potato. A Plaintext password is a raw potato. An Encrypted password is a plate of seasoned hash browns. Yes, hash browns are still made of a potato but no longer resemble their original form.