Hi! I am fairly new to MIT App Inventor and I am trying to create a login for a sports app. I figured out how to login with email and password with Google sheets, but I have a separate sheet for the user type: Coach, Player, or Parent. I also want to have the login screen find what type the user is, but I do not know how to code it. This is the .aia HomeBase_copy (1).aia (248.7 KB)
And later if you want to check, if the entered password is correct, compare the password hashes
I now asked Gemini
Is it okay du store passwords in plain text in an online database?
Here is the answer
Storing passwords in plain text in an online database is extremely dangerous and should absolutely be avoided. Here's why:
Major Security Risk:
If a database is breached, all passwords are immediately exposed. This puts every user at significant risk of identity theft, financial loss, and other harmful consequences.
Violation of Security Best Practices:
Security professionals universally condemn storing passwords in plain text. It's considered a fundamental security flaw.
Legal and Regulatory Issues:
Many data privacy laws and regulations (like GDPR) require organizations to protect sensitive data, including passwords. Storing them in plain text can lead to legal penalties.
Damage to Reputation:
If a company's database is breached and passwords are leaked, it can severely damage the company's reputation and erode customer trust.
Instead of plain text, passwords should be:
Hashed:
Passwords should be transformed using a one-way cryptographic hash function. This makes it virtually impossible to recover the original password from the hashed version.
Salted:
A unique, random string (a "salt") should be added to each password before hashing. This prevents attackers from using pre-computed "rainbow tables" to crack passwords.
In summary, storing passwords in plain text is a highly irresponsible and dangerous practice. Secure hashing and salting are essential for protecting user data.