
How Protected Are Your Passwords?

Ever wondered how your passwords are stored on the various websites we use every day, and whether they are safe?

Plain Text Passwords

This is the worst way a password can be stored. Plain text is unencrypted and is stored as is: if your password was “letmein123”, it would be stored on the server as “letmein123”. This means that if the server was hacked, your password would be compromised instantly. Luckily, most reputable websites do not store details like this.

Encrypted Passwords

Passwords are often encrypted before they are stored on a server. This is more secure than using plain text, as the hacker would have to decrypt the information before they can view it in plain text.
How does encryption work? Encryption uses a special key to convert your information into random text; to decrypt this information, the correct key is needed. However, this still isn’t the most secure method of storing passwords online, as the key is often stored on the same server as the password.

Hashed Passwords

This is very similar to encryption, as this method still turns your password into a random sequence of letters. Unlike standard encryption, hashing uses an algorithm instead of a key. This is a much safer way of storing your password, as the server doesn’t store your password as plain text; even if the hacker steals your information, they won’t be able to access your original password.

Salted Passwords

Salting uses the hashing method, but before the password is converted into the random string of letters, a random value is added to the plain text. This is a much more secure method, as it increases the number of possible hash values for the password.
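
The difference between plain hashing and salted hashing, as an added example that is not part of the original post: two accounts with the same password get identical unsalted hashes but different salted records. The choice of PBKDF2-HMAC-SHA256, the iteration count, the record layout and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data; the password is the article's own example.
PASSWORD = "letmein123"
ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def unsalted_hash(password: str) -> str:
    """Plain hash with no salt: the same password always gives the same value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def create_record(password: str) -> dict:
    """Salted hash: a fresh random salt is generated and stored with each record."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def demo() -> dict:
    """Two users (hypothetical 'alice' and 'bob') choose the same password."""
    alice, bob = create_record(PASSWORD), create_record(PASSWORD)
    return {
        "unsalted_match": unsalted_hash(PASSWORD) == unsalted_hash(PASSWORD),
        "salted_match": alice["hash"] == bob["hash"],
        "login_ok": verify(PASSWORD, alice),
        "wrong_password_ok": verify("letmein124", alice),
    }


if __name__ == "__main__":
    print(demo())
```

The salt is stored next to the hash because the server needs it to recompute the hash at login; it does not have to be secret to do its job.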


So, now that we know about the ways passwords are stored, let’s look at how to create a strong password.
Passwords should never include personal information such as family or pet names, and shouldn’t use common words or phrases like “password” or “letmein”.

They should also be 12 characters minimum and use a combination of numbers, symbols, capital letters, and lower-case letters.

Oliver Nissel
