Random string/bytes added to a password before hashing so that two users with the same password produce different hashes, defeating rainbow tables and cross-leak reuse of broken hashes. In modern password-hashing algorithms (like Argon2), the salt is passed as a separate argument rather than appended — bcrypt for example does more than concatenate under the hood.