If you have spent any time in the darker corners of cybersecurity forums, red team Slack channels, or data breach notification sites, you have seen the term

Why your $2y$10$... string is more valuable to a hacker than your credit card number.

Have you ever run Hashcat against your own passwords to see how fast they break? You might be surprised.

The hacker looks at: $SHA256$dGhpcyBpcyBhIHNhbHQ$5e884898da... They see the $ separators and know it’s SHA-256 with a salt.