The ideas in this recipe can also be applied to storing answers to challenge questions in a secure way (for instance, "What is your mother's maiden name?"). The relevant similarities are that the information should be secured (otherwise it might be used to recover or reset passwords on other websites), and that we typically don't need to decrypt answers to challenge questions. It might be helpful to convert the answers to some kind of canonical form before saving them, such as converting everything to uppercase, removing punctuation and trimming extra whitespace, just to eliminate minor variations in the way that people answer the question.
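The following is an added example, not code from the original recipe, showing the canonicalize-then-hash approach for challenge answers in Python: answers are normalized (Unicode NFKC, uppercase, punctuation removed, whitespace collapsed) and then stored as a per-answer random salt plus a PBKDF2-HMAC-SHA256 digest, so the stored value cannot be turned back into the answer. The function names, the iteration count and the 16-byte salt length are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
import re
import unicodedata
from typing import Optional, Tuple

# Assumed work factor for this example; tune to your hardware and threat model.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def canonicalize_answer(answer: str) -> str:
    """Reduce a challenge answer to a canonical form so that trivial
    variations (case, punctuation, extra spaces) hash identically."""
    text = unicodedata.normalize("NFKC", answer)  # fold compatibility forms
    text = text.upper()                            # case-insensitive compare
    text = re.sub(r"[^\w\s]", "", text)            # strip punctuation
    return " ".join(text.split())                  # collapse and trim whitespace


def hash_answer(answer: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage. A fresh random salt is generated
    when none is supplied, so identical answers from two users differ on disk."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        canonicalize_answer(answer).encode("utf-8"),
        salt,
        PBKDF2_ITERATIONS,
    )
    return salt, digest


def verify_answer(candidate: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-derive the digest from the candidate and compare in constant time."""
    _, digest = hash_answer(candidate, salt)
    return hmac.compare_digest(digest, stored_digest)


if __name__ == "__main__":
    # Constructed sample answer for demonstration.
    salt, digest = hash_answer("O'Brien")
    print("canonical form:", canonicalize_answer("  o'brien, Jr. "))
    print("matches variant:", verify_answer("obrien", salt, digest))
    print("matches wrong answer:", verify_answer("obrian", salt, digest))
```

Only the salt and digest are persisted; the canonical form is recomputed on every check and never written to the database. Because the answer space for questions like a mother's maiden name is small, the slow key-derivation step matters more here than it does for strong passwords.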
It is also useful to understand where this recipe does not apply. In most cases where you want to store data securely, you need to be able to decrypt the stored data. A good example is storing credit card numbers securely for Payment Card Industry (PCI) compliance. You need to be able to recover the credit card number so you can apply it to customer orders. One-way hashes, which cannot be reversed to recover the original data, will not help you with this; that is a job for reversible encryption with properly managed keys.
When you store passwords using hashes, you cannot offer password recovery functionality to end users, because the system doesn't have any way to actually recover the passwords. All you can offer is the ability to reset passwords. This is better from a security perspective anyway since there's always the chance that you might disclose a password to somebody other than the intended recipient, and that somebody might use it to access not only your site but other sites, as we discussed in the background above.
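As an added illustration of the reset-only flow the paragraph describes (this is example code, not part of the original recipe), the store below issues a random, single-use, time-limited reset token and keeps only a SHA-256 fingerprint of it, so a database leak does not hand an attacker usable reset links. The class and method names and the 15-minute lifetime are assumptions made for this example.

```python
import hashlib
import secrets
import time
from typing import Dict, Optional

# Assumed lifetime of a reset link in seconds.
TOKEN_TTL_SECONDS = 15 * 60


class ResetTokenStore:
    """Issues password-reset tokens and stores only their hashes.

    The plaintext token is returned once, to be sent to the user; the
    store itself can verify a token but can never reproduce it."""

    def __init__(self) -> None:
        self._records: Dict[str, dict] = {}

    @staticmethod
    def _fingerprint(token: str) -> str:
        # Tokens are high-entropy, so an unsalted fast hash is enough to
        # make the stored value useless on its own.
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, user_id: str, now: Optional[float] = None) -> str:
        """Create a fresh token for user_id and return it to be delivered out of band."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._fingerprint(token)] = {
            "user": user_id,
            "expires": now + TOKEN_TTL_SECONDS,
            "used": False,
        }
        return token

    def redeem(self, token: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user id if the token is valid, unexpired and unused;
        otherwise return None. A successful redeem consumes the token."""
        now = time.time() if now is None else now
        record = self._records.get(self._fingerprint(token))
        if record is None or record["used"] or now > record["expires"]:
            return None
        record["used"] = True
        return record["user"]


if __name__ == "__main__":
    store = ResetTokenStore()
    token = store.issue("alice")          # constructed sample user
    print("first redeem:", store.redeem(token))
    print("second redeem:", store.redeem(token))
```

After a successful redeem the application lets the user choose a new password and then hashes that password exactly as the recipe describes; at no point does the old password need to exist anywhere.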