Last answered:

23 Aug 2023

Posted on:

29 Jul 2023


varchar better for passwords? Security


Heard that as a measure of security, it's good to set a fixed length for a password regardless of how long the actual password is - so that the time of checking (comparing) doesn't vary.

Would setting it as a char be the way to do that? Or there's some other - more advanced - mechanism in place?

1 answers ( 0 marked as helpful)
Posted on:

23 Aug 2023


Hi Tetiana!
Thanks for reaching out.

You can see that VARCHAR is beneficial if the length of the string that you are storing is variable. The reason why CHAR is often used for password fields is because the output of hashing algorithms is consistent regardless of the length of input.

Hope this helps.

Submit an answer