Tuesday 5 August 2014

How Your Passwords Are Stored on the Internet

There are a number of ways a site can store
your password, and some are considerably
more secure than others. Here's a quick
rundown of the most popular methods, and
what they mean for the security of your
data.
Method One: Plain Text Passwords
How It Works: The simplest way a site can
store your password is in plain text. That
means somewhere on their server, there
exists a database with your username and
password in it in a human-readable form
(that is, if your password is testing123, it is
stored in the database as testing123). When
you enter your credentials on the site, it
checks them against the database to see if
they match. This is the worst possible
method, in security terms, and most
reputable web sites do not store passwords
in plain text. If someone hacks this database,
everyone's password is immediately
compromised.
Does My Strong Password Matter? No way.
No matter how long or strong your password
may be, if it's stored in plain text and the
site gets hacked, your password is easily
accessible to anyone, no work required. It
still matters in terms of hiding your
passwords from, say, your friends, or others
that could easily guess it, but it won't make
any difference if the site gets hacked.
Method Two: Basic Password Encryption
How It Works: To add more protection to
your password than plain text provides, most
sites encrypt your password before they
store it on their servers. Encryption, for
those of you that don't know, uses a special
key to turn your password into a random
string of text. If a hacker were to get hold of
this random string of text, they wouldn't be
able to log into your account unless they
also had the key, which they could then use
to decrypt it.
The problem is, the key is often stored on
the very same server that the passwords are,
so if the servers get hacked, a hacker doesn't
have to do much work to decrypt all the
passwords, which means this method is still
wildly insecure.
Does My Strong Password Matter? No. Since
it's easy to decrypt the password database
with a key, your strong password won't make
a difference here either. Again: this is in
terms of the site getting hacked; if you have
a nosy friend or family member rooting
through your stuff, a strong password can
help keep them from guessing it.
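
An added example, not part of the original post: a small Python sketch of Method Two, showing that when the key sits on the same server as the password table, a breach exposing both returns every password regardless of strength. The cipher is a standard-library stand-in for a real one, and SERVER_KEY, USERS, check_login, recover_all and the sample accounts are constructed for illustration.

```python
import hashlib
import hmac
import os

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode) so the example
    # needs only the standard library; a real site would use e.g. AES.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key: bytes, password: str) -> bytes:
    nonce = os.urandom(16)  # fresh per record, stored next to the ciphertext
    data = password.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))

def decrypt(key: bytes, blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body)))).decode()

# Constructed sample data: the key lives on the same server as the table.
SERVER_KEY = os.urandom(32)
USERS = {
    "alice": encrypt(SERVER_KEY, "testing123"),
    "bob": encrypt(SERVER_KEY, "c0rrect-Horse-battery-staple-9471!"),
}

def check_login(user: str, attempt: str) -> bool:
    # The site decrypts the stored value and compares it with what was typed.
    stored = USERS.get(user)
    if stored is None:
        return False
    return hmac.compare_digest(decrypt(SERVER_KEY, stored).encode(), attempt.encode())

def recover_all(key: bytes, table: dict) -> dict:
    # What a breach exposing both the table and the key yields: every
    # password, weak or strong, with no guessing involved.
    return {user: decrypt(key, blob) for user, blob in table.items()}

if __name__ == "__main__":
    for user, password in recover_all(SERVER_KEY, USERS).items():
        print(user, password)
```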
