Encryption vs Hashing
intermediateDefinition
Two ways of protecting data, often confused. Encryption scrambles information with a key: anyone with the key can unscramble it later. Hashing is a one-way blender: it turns the data into a fixed scramble that can never be turned back. Payment details are encrypted (the company needs to read them). Passwords are hashed (nobody, not even the company, should be able to read them).
In the wild
When you create an account, the website doesn't actually save your password anywhere. It runs your password through a hash and stores only the unreadable scramble. Next time you log in, it hashes whatever you typed and checks if the new scramble matches the saved one. The original password is never stored. So even if hackers steal the database, they don't get your password.
More from Security
Content Security Policy (CSP)
A whitelist that a website hands to the browser, saying 'only run code, fonts, and images from these places I trust: refuse anything else.' If an attacker manages to slip a sneaky script onto the page, the browser blocks it because it didn't come from an approved source.
CSRF (Cross-Site Request Forgery)
An attack that abuses the fact that you're already logged into a site. A different, sneaky page tricks your browser into sending a request to that trusted site on your behalf. And the site thinks it's you, because your login is still valid.
DDoS (Distributed Denial of Service)
An attack where a huge crowd of computers all hammer the same website at once, drowning it in fake traffic until real visitors can't get through. The attacker doesn't break in. They just make so much noise that nobody else can be heard.
HTTPS / TLS
The technology that puts the little padlock in your browser's address bar. It scrambles all the traffic between your device and the website, so anyone snooping on the connection, at a coffee shop, on a hotel Wi-Fi, only sees nonsense. It also confirms that the site really is who it claims to be, not an imitation.
Input Sanitization
Carefully cleaning anything a visitor types into a website before doing anything with it: stripping out tricks, rejecting weird formats, and making sure the data is what you expected. It's the front-line defense against attackers who try to slip dangerous instructions into ordinary-looking form fields.
Multi-Factor Authentication (MFA)
Logging in with more than just a password. Usually it's something you know (the password) plus something you have (a phone, an authenticator app, a security key) or something you are (your fingerprint or face). Even if a thief steals your password, they can't get in without that second piece.