
Hashes can't protect the content if it's feasible to enumerate all possible values of the content.

You can't hide individual letters of the alphabet with a hash. Not even with a salt and an expensive hash. It's a hopeless case where a brute-force attack takes only 26 times (or 676 for a pair of letters) longer than a comparison you do during normal operation.

BTW: it's also not possible to use hashes to hide/anonymize phone numbers or IP addresses. The attacker can generate hashes of all possible values and see which one it is.
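The comment's arithmetic, as an added example that is not part of the original thread: a salted PBKDF2 hash of a constructed two-letter value is recovered by hashing all 676 candidates, and the measured per-hash cost is scaled to the other small domains the comment names. The iteration count, the lowercase alphabet, the sample value and the 10-digit phone format are assumptions.

```python
import hashlib
import itertools
import os
import string
import time

ITERATIONS = 100_000  # assumed work factor for the "expensive" hash


def slow_hash(value: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", value.encode(), salt, iterations)


def enumerate_domain(target: bytes, salt: bytes, alphabet: str, length: int,
                     iterations: int = ITERATIONS):
    """Hash every string in alphabet**length; return (match, hashes computed)."""
    combos = itertools.product(alphabet, repeat=length)
    for attempts, combo in enumerate(combos, 1):
        candidate = "".join(combo)
        if slow_hash(candidate, salt, iterations) == target:
            return candidate, attempts
    return None, len(alphabet) ** length


def worst_case_seconds(domain_size: int, seconds_per_hash: float) -> float:
    """Upper bound on enumeration time: one hash per possible value."""
    return domain_size * seconds_per_hash


if __name__ == "__main__":
    salt = os.urandom(16)           # the salt sits next to the hash, so it is known
    stored = slow_hash("wj", salt)  # constructed sample: a stored pair of letters
    start = time.perf_counter()
    found, attempts = enumerate_domain(stored, salt, string.ascii_lowercase, 2)
    per_hash = (time.perf_counter() - start) / attempts
    print(f"recovered {found!r} after {attempts} of 676 hashes")
    domains = [("one letter", 26), ("pair of letters", 26 ** 2),
               ("IPv4 address", 2 ** 32),
               ("10-digit phone number (assumed format)", 10 ** 10)]
    for name, size in domains:
        bound = worst_case_seconds(size, per_hash)
        print(f"{name}: {size} values, at most {bound:.0f} s on one core")
```

The salt and the work factor multiply the cost of each guess, but the number of guesses is fixed by the size of the input domain, which is the only thing that would need to grow.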



Let's say my password is NmsWQlWj1kzS534ojygJ. The 4th and 17th characters are W and j. Even if those two characters are stored in plain text, how exactly does that compromise my password?



