I have a web service. Right now, I have passwords stored in plain text in a MySQL table on my server. I know this isn't the best practice, and that is why I am working on it.
Why should passwords be encrypted if they are being stored in a secure database? I realize that if someone hacks in to my database they will get everyone's password. But I have other problems if someone gets in my database, for example, deleting data.
The scenario I can think of is that you are hacked. You restore a database from a couple of hours ago and everything is well. However, if your passwords are plaintext… The thief has all the passwords and you have to reset them all. Hassle to your users.
If the passwords were encrypted, you could just restore to previous database. Is this correct thinking?
Best Answer
First up, you should be more free with read-only access rights than read-write. It might be possible that a hacker has access to your data but isn't able to edit it.
But, much more importantly, this is not about you. The fact that you might be screwed if someone has full access to your database is irrelevant. Much more important is your user's data.
If you recover your database, the hacker still has access to your user's account.
And who knows what else? What if they use the same password at Google? Or PayPal? What if that gives a hacker access to their mother's maiden name, or the last 4 digits of their credit card?
What if that gets them into other accounts? Don't put it past a hacker to go through a user support system and get more info.
Just ... just don't. That's your user's private information and you don't need to be able to see it. It's also your reputation. Encrypt it.
EDIT: One extra comment, to save any future reader from reading every answer and comment ...
If you're going to encrypt (in the strictest sense) then you need to use a public / private key pair, which is fine but makes life a little bit more difficult for both you and your user.
A simpler, and just as effective, solution is to random-salt and hash the password. Hashing alone is not enough; if your user uses a common password, it will appear in reverse-hashing tables, which are readily available with a simple internet search.