Understanding password protection
It is very easy to create a website these days, but it is becoming harder to guarantee your customers complete security once they are signed in. One question many people have is: what do our passwords look like to the businesses that store them? Here is a little background on password protection and the layers that make some of the pros, like Dropbox, so secure.
Plain Text
- Passwords can be seen
- unsecured
Encryption
- Underneath the encryption the password is still plain text
- Can be decrypted to reveal a password
- Requires encryption keys
Hashes
- A string of text that always has the same length
- One-way
- Don’t store the actual password
- Rainbow tables (lists of pre-computed hashes to find weak and commonly used passwords)
- Salt can be added
- Random data added to the end of the password before it is hashed
- Bcrypt, Scrypt, Argon2 (password + salt + cost)
- Cost defines the number of rounds the algorithm goes through
Dropbox uses multiple layers of security: password + hash + bcrypt + encryption (the encryption key is not stored in the database).
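The hashing layers above, walked through in code. This is an added example written for these notes, not code from Dropbox or from the original post; it uses scrypt (one of the three algorithms listed) because it ships in Python's standard library, and the parameter names, the constructed "common passwords" list and the record layout are assumptions for the demo. The final encryption layer with an externally held key is not shown here.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Cost parameters for scrypt (assumed demo values). "n" is the cost knob the
# notes describe: raising it makes every guess slower for an attacker and for you.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
SALT_BYTES = 16
DKLEN = 32

# Constructed list standing in for a rainbow table's source wordlist.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "password123"]


def unsalted_hash(password: str) -> str:
    """The weak layer: a fast, unsalted hash. Same password -> same digest,
    so one pre-computed table finds every user who chose it."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_rainbow_table(words) -> Dict[str, str]:
    """Pre-compute unsalted digests once; lookup is then a dictionary hit."""
    return {unsalted_hash(w): w for w in words}


def rainbow_lookup(stored_hash: str, table: Dict[str, str]) -> Optional[str]:
    """Return the password if the stored digest appears in the table."""
    return table.get(stored_hash)


def make_record(password: str, salt: Optional[bytes] = None) -> dict:
    """The stronger layer: per-user random salt + cost-parameterised scrypt.
    Only the salt, the parameters and the digest are stored, never the password."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.scrypt(
        password.encode(), salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN
    )
    return {"salt": salt.hex(), "n": SCRYPT_N, "r": SCRYPT_R, "p": SCRYPT_P, "hash": digest.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and parameters and compare in constant time,
    so timing differences do not leak how many leading bytes matched."""
    digest = hashlib.scrypt(
        password.encode(),
        salt=bytes.fromhex(record["salt"]),
        n=record["n"], r=record["r"], p=record["p"], dklen=DKLEN,
    )
    return hmac.compare_digest(digest.hex(), record["hash"])


def same_password_same_digest(password: str) -> bool:
    """Unsalted hashes collide across users; salted records do not."""
    return unsalted_hash(password) == unsalted_hash(password)


def salted_records_differ(password: str) -> bool:
    return make_record(password)["hash"] != make_record(password)["hash"]


if __name__ == "__main__":
    table = build_rainbow_table(COMMON_PASSWORDS)
    weak = unsalted_hash("password123")
    print("unsalted lookup:", rainbow_lookup(weak, table))      # found immediately
    rec = make_record("password123")
    print("salted lookup:", rainbow_lookup(rec["hash"], table))  # None
    print("verify correct:", verify("password123", rec))         # True
    print("verify wrong:", verify("password124", rec))           # False
```

Two things worth noticing when running it: the unsalted digest of a common password is recovered by a dictionary lookup with no computation at all, while the same password stored with a random salt produces a different record every time it is set, so no shared table helps; and the cost parameters are stored with the record so they can be raised later for new users without invalidating old ones.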