Why are salts used with hashes in password storage?

Study for the CISSP Domain 5 Identity and Access Management Test with flashcards and multiple choice questions. Each question offers hints and explanations. Get ready for success!

Salts are added to hashes in password storage primarily to generate unique password hashes. When a salt—a random value—is combined with a user's password before the hashing process, even if two users have the same password, the resulting hashes will differ due to the unique salts used for each password. This practice drastically increases the security of password storage by making it significantly harder for attackers to use precomputed tables, such as rainbow tables, to crack passwords.

The use of salts ensures that even identical passwords do not yield identical hashes, effectively mitigating the risks associated with hash collision attacks and making brute-force attacks more difficult. This method enhances the overall security posture of an application by ensuring that compromised hash values cannot be easily reused across different accounts.

Options that suggest storing passwords in plain text or enhancing user experience do not contribute to security and contradict best practices for secure password management. The notion of facilitating password recovery is unrelated to the primary reason for incorporating salts into hashes, as it doesn’t pertain to the main objective of enhancing security during password storage.
