For example, both of the following are hashes of the very simple password "123":
a665a45920422f9d417e4867efdc4fb8a04a1f3fff1fa07e998e86f7f7a27ae3
74b2eb3b47120a4af6acb7d0a9af9e299a68233939fbd9d856a4d22598560601
The first one is ridiculously easy to break because it is a single SHA256 hash of the password, while the second one (although still easy due to the shortness of the password) is a lot harder to break because it uses a strong KDF called scrypt with a strong salt.
The latter is what any good website does to make it more expensive for an attacker to brute force things even if they somehow got access to their database.
An amazing thing I had not known and only began to learn today. Thank you.
Regarding good websites, it is appropriate to choose big platforms to use, and I can believe in their security structures and operations. That is the side of the companies people choose to use, nevertheless. Securing an account requires carefulness and effort from both sides involved: companies and users.
Users must do some things on their side:
- Strong passwords (for accounts)
- Strong passwords (for emails)
- 2FA (for accounts)
- 2FA (for emails)
- Disclose neither email addresses, nor 2FA secret codes/phone numbers (SIM swap attacks), nor which platforms they use
- Even attackers find their email fIf curious (but should never click on them), simply hover the mouse over links to see the full links (for non-shortened links).