What happens to my password?

We hash it. Next question?

Well, what's hashing?

Hashing a password involves shoving it through a one-way algorithm that makes it incomprehensible and indecipherable. Here's what happens:

You get your Populi welcome email and click the link to log in for the first time. After choosing your very strong, mixed capital and lower-case alphanumeric password, you save it and log in for the first time. Once you submit that password, Populi runs it through an algorithm that turns it into complete gobbledygook composed of dozens of characters, and then saves that nonsense. The next time you log in, you enter your password, the algorithm hashes it, and checks whether that hash matches the stored nonsense. If it does, Populi lets you in.

The algorithm in question is a one-way algorithm; that is, you cannot then enter the nonsense characters and "reverse engineer" the true password. Were someone somehow able to get the nonsense and plug it in to the algorithm, the algorithm would hash the nonsense into even more nonsense.

That's also why, if you ever forget your password, you can't ever ask us for it. We only saved the hashed nonsense, and so all we could send you is the hashed nonsense—not that we'd even do that. Rather, we have Populi send you a link to reset your password, where the whole process repeats: you submit a password and Populi saves some hashed nonsense. Even if your new password differs from the old by only one character, the algorithm generates a totally new hash.

Password hashing is a pretty important security measure, one of many that Populi incorporates. Even if someone broke in and stole all the hashed passwords... well, that and a dollar would get him a cup of coffee. Not even we can unscramble what the algorithm scrambles.

Nonetheless, you should still be really careful with your password. Don't tell anyone else what it is, don't leave it around on a sticky note, don't email it to yourself. Just remember it and keep it in your head... but if you forget it, you can always reset it.