Mews always stores your password in a form of a BCrypt hash. Imagine that a hash is a fingerprint. If you have one, you cannot reconstruct the person it belongs to, but if you have the person, you can verify, the fingerprint is their. BCrypt is a one-way cryptographic function, that transforms your password into a form of a hash. Whenever you put your password into the system, a hash (fingerprint) is computed and compared with the one we have stored in our database. As it’s a one-way function, we cannot invert it and figure out what your password is (reconstruct a person form the fingerprint). That also means, that if you have lost your password, we are not able to tell you, what the password was, you would need to reset your password and set a new one. At the same time, it makes it difficult for a potential attacker to retrieve your password. They cannot reconstruct it from the hash, they may just guess what the password is and try to verify by comparing the hashes.
Modified on: Mon, 25 Sep, 2017 at 9:22 AM
Did you find it helpful?Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.