Passwords are typically sent to the server and hashed there. I’m a bit hazy right now on the implications of client-side hashing, but it would likely present some security problems.
Edit: at the least, it would allow an attacker to use a leaked password database to log in to the sites, sidestepping the whole hashing thing.
There are protocols that send a hashed or encrypted password instead of plaintext, but they’re more complex than just hashing. Iirc they involve a challenge-and-response method.
Passwords are typically sent to the server and hashed there. I’m a bit hazy right now on the implications of client-side hashing, but it would likely present some security problems.
Edit: at the least, it would allow an attacker to use a leaked password database to log in to the sites, sidestepping the whole hashing thing.
There are protocols that send a hashed or encrypted password instead of plaintext, but they’re more complex than just hashing. Iirc they involve a challenge-and-response method.