A password hash is the stored cryptographic output of a password, not the password itself. To check a login attempt, a system hashes the entered password and checks whether the result matches the saved value. Good designs use a slow, one-way hash function with a unique salt, which makes stolen password data much harder to reverse.
Password hashes matter because attackers who steal them can try offline cracking without talking to the target system. If the hash is weak, unsalted, or based on a fast legacy algorithm, brute force and dictionary attacks may recover the original password quickly. That is why exposed account files, backups, and configuration exports are sensitive: even if the plaintext password is never visible, the hash can still become a path to privileged access. Defenders reduce this risk by using modern password hashing algorithms such as Argon2, bcrypt, or scrypt, enforcing unique salts, and protecting any file that contains authentication data.



