Would you use one or two tables for username and password?

Question

Is it any safer to create a table holding user information and another one for their passwords than using the same table for everything?

Answer 1

No I would just do this:

id, username, password.

Where id is just autoincrement, username is a varchar of 20 (or so, depending on your needs) and password is an MD5 or SHA1 hashed password with a salt.

Using two tables for this just doesn't make sense. Then you need to work with joins to get the data. And that's just an unnecessary burden.

Answer 2

No, I cannot see how that can make it safer.

You should actually refrain from storing passwords at all. Just store their salted hash.

Further reading:

• Stack Overflow: Preferred Method of Storing Passwords In Database