What is the primary method of securing passwords in a well-designed web application?

In a well-designed web application, the primary method of securing passwords is through the use of salted hashes. This process enhances security by transforming plain text passwords into a format that is not easily reversible. A "salt" is a random value added to the password before it is hashed, which ensures that even if two users have the same password, their stored hashes will be different. This significantly increases resistance against pre-computed attacks, such as rainbow tables, as attackers will need to compute hashes for every unique salt used.

Salting is essential because it mitigates the risk of attackers exploiting stored password hashes. When users authenticate, their inputted passwords are combined with the salt and hashed again; this hash is then compared to the stored hash. Since the original password is never stored directly and is obscured by both the hash function and the salt, gaining access to stored passwords becomes much more difficult for malicious entities.

In contrast, storing passwords in plain text, whether in plain text format or with minimal obfuscation, offers no protection and exposes user credentials directly to unauthorized access if the database is compromised. Encrypted files can provide a layer of security, but if the encryption keys or methods are not managed properly, they may not adequately protect against unauthorized access.