To make each hashed password in a database unique, we add something called a salt to the input of the hash function. A salt is some random data that is unique to each user; it is saved alongside their password hash and used in the hashing process both when storing and when verifying the password.
Why is this effective?
"They work by adding an extra secret value to the end of the input, extending the length of the original password".
Every user now has something that is unique to them, which is added on to their password before it is hashed and stored in the database. Now, if someone were to compare the database password hashes with a list of precomputed hashes of common passwords, none of the hashes would match, even if users had chosen common passwords that appear in the attacker's list.
Say your password is rocky and the salt value is i.love.salt. The hash value would be computed from both of these together: rockyi.love.salt. This provides some protection for those people who use common words as their password.