How Your Password Is Stored in a Website's Database and How You Can Avoid Having Your Password Leaked
There are many ways a site can store your password in its database. Some of them are more secure than others. We are going to discuss them.
Method 1: Plain text passwords
The simplest way a site can store your password is as plain text. That means somewhere in its database your credentials are stored exactly as you type them to log in (in human-readable form). For example, if your password is Admin123 it will be stored as Admin123. When you want to access the website and enter your credentials, it simply compares them with what is in the database.
But if someone hacks into this database, they can read your credentials directly.
Does the strength of the password matter?
No. No matter how long and strong your password is, if it is stored in plain text and someone hacks into the database, your password is immediately readable.
Method 2: Basic password encryption
To add more protection than plain text provides, many sites encrypt your password before storing it in their database. If a hacker obtains your encrypted password, he wouldn't be able to log into your account unless he also had the key that decrypts it.
The downside is that the key is often stored on the same server as the passwords. If that server is hacked, the hacker does not have to do much work to decrypt your credentials.
Does the strength of the password matter?
No. Since it's easy to decrypt the password database once you have the key, your strong password won't make a difference here either.
Method 3: Hashed passwords
Hashing is similar to encryption in that it also turns your password into a long string of letters and numbers to keep it hidden. Unlike encryption, however, hashing is a one-way street: if you have the hash, you can't run the algorithm backwards to get the original password. This means a hacker would have to obtain the hashes and then try many different passwords to see which ones produce a matching hash.
The dark side of this method: while a hacker can't decode a hash back to the original password, they can try many different passwords until one matches the hash they have. Computers can do this very fast, and with the help of rainbow tables (essentially lists of trillions of hashes and their matching passwords) they can simply look up the hash to see if it has already been discovered.
Does the strength of my password matter?
Yes. Rainbow tables are built from passwords that have already been tested against hashes, which means the really weak ones will be cracked very quickly. Their biggest weakness, however, isn't complexity but length. You're better off using a very long password rather than a short, complex one.
Method 4: Hashed + salted passwords
Salting means adding a random string, called a salt, to the password before it is hashed. A different salt is used for each password, and even if the salts are stored on the same server, this makes it very hard to find the salted hashes in rainbow tables, since each one is long, complex, and unique.
Does the strength of my password matter?
Today's computers are very fast and can brute-force even salted hashes, although it can take a long time, certainly longer than a rainbow table lookup. This means the strength of your password matters: the longer and more complex it is, the longer it will take to crack.
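To make the difference between Method 3 and Method 4 concrete, here is an added Python example (not code from the original post). The `PRECOMPUTED` table is a constructed four-entry stand-in for a rainbow table, the function names are my own, and SHA-256 is used only because it is in the standard library; the same contrast holds for any fast hash.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for a precomputed (rainbow) table: unsalted SHA-256
# hashes of a few very common passwords, mapped back to the password.
COMMON_PASSWORDS = ["123456", "password", "Admin123", "qwerty"]
PRECOMPUTED = {hashlib.sha256(p.encode()).hexdigest(): p for p in COMMON_PASSWORDS}


def hash_unsalted(password: str) -> str:
    """Method 3: a bare hash. The same password gives the same hash on every
    site and for every user, so one lookup table covers them all."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_salted(password: str, salt: Optional[bytes] = None) -> Tuple[str, str]:
    """Method 4: a fresh random salt per user, mixed into the hash.
    Returns (salt_hex, hash_hex); both are stored in the user's record."""
    if salt is None:
        salt = os.urandom(16)  # 16 random bytes is plenty for a salt
    digest = hashlib.sha256(salt + password.encode()).hexdigest()
    return salt.hex(), digest


def verify_salted(password: str, salt_hex: str, stored_hash: str) -> bool:
    """Login check: re-hash the attempt with the stored salt and compare in
    constant time so the comparison itself leaks nothing about the hash."""
    _, candidate = hash_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored_hash)


def lookup_in_table(hash_hex: str) -> Optional[str]:
    """What a leaked hash is worth to someone holding a precomputed table:
    a hit means the password is recovered instantly, a miss means nothing."""
    return PRECOMPUTED.get(hash_hex)


def demo(password: str = "Admin123") -> dict:
    """Compare how the same password fares under Method 3 and Method 4."""
    unsalted = hash_unsalted(password)
    salt, salted = hash_salted(password)
    return {
        # the unsalted hash is in the table, the salted one is not
        "unsalted_table_hit": lookup_in_table(unsalted),
        "salted_table_hit": lookup_in_table(salted),
        # two users with the same password: identical hashes without a salt,
        # different hashes with one (a new random salt is drawn each call)
        "same_pw_same_hash_unsalted": hash_unsalted(password) == unsalted,
        "same_pw_same_hash_salted": hash_salted(password)[1] == salted,
        # the legitimate login still works
        "login_ok": verify_salted(password, salt, salted),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is not secret; it is stored next to the hash. Its job is only to make every stored hash unique, so a table built in advance cannot be reused, and so two users who chose the same password do not end up with the same database entry.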
Method 5: Slow hashes
Most security experts now point to slower hashes as the best option for storing passwords. Hash functions like MD5, SHA-1, and SHA-256 are relatively fast: if you type in a password, the result comes back almost instantly. In a brute-force attack, time is the most important factor. With a slow hash, every guess takes more time, so cracking takes far longer.
Does the strength of my password matter?
Yes. Since strong passwords are harder to brute-force, a strong password definitely helps you. If your password is strong, it could take a very long time to crack with a slow hash.
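As an added Python example of Method 5 (not code from the original post), the block below stores passwords with PBKDF2-HMAC-SHA256, a deliberately slow construction built by repeating a fast hash many times. It goes slightly beyond the paragraph: the record format, the `ITERATIONS` value, and the `needs_rehash` helper are my own choices, included to show how the work factor is kept adjustable, and `cost_ratio` measures on your machine how much more expensive one guess becomes compared with a single SHA-256.

```python
import hashlib
import hmac
import os
import time
from typing import Callable, List, Optional

# Work factor for new password records. Assumed value for this example;
# tune it so one login costs a noticeable fraction of a second on your hardware.
ITERATIONS = 600_000


def slow_hash(password: str, salt: Optional[bytes] = None,
              iterations: int = ITERATIONS) -> str:
    """Method 5: PBKDF2-HMAC-SHA256, which repeats the underlying hash
    `iterations` times. The record is self-describing so the work factor
    can be raised later without breaking existing logins."""
    if salt is None:
        salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Re-derive with the parameters stored in the record and compare in
    constant time."""
    algo, iters, salt_hex, stored = record.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), stored)


def needs_rehash(record: str) -> bool:
    """True when a record was made with fewer iterations than today's
    setting; re-hash it on the user's next successful login."""
    return int(record.split("$")[1]) < ITERATIONS


def seconds_per_guess(hash_fn: Callable[[str], object], guesses: List[str]) -> float:
    """Average wall-clock cost of one guess under a given hash function."""
    start = time.perf_counter()
    for g in guesses:
        hash_fn(g)
    return (time.perf_counter() - start) / len(guesses)


def cost_ratio(iterations: int = 50_000, n_guesses: int = 5) -> float:
    """How many times more expensive one guess is with the slow hash than
    with a single fast SHA-256. The iteration count here is kept small so
    the demo finishes quickly; the ratio grows linearly with it."""
    guesses = [f"guess-{i}" for i in range(n_guesses)]  # constructed sample
    salt = os.urandom(16)
    fast = seconds_per_guess(lambda p: hashlib.sha256(p.encode()).digest(), guesses)
    slow = seconds_per_guess(lambda p: slow_hash(p, salt, iterations), guesses)
    return slow / max(fast, 1e-9)


if __name__ == "__main__":
    rec = slow_hash("correct horse battery staple")
    print(rec)
    print("login ok:", verify("correct horse battery staple", rec))
    print("wrong pw:", verify("Admin123", rec))
    print(f"one slow-hash guess costs ~{cost_ratio():,.0f}x a single SHA-256")
```

The slowdown applies equally to the legitimate login and to every guess an attacker makes, which is exactly the trade the site wants: one extra fraction of a second per login is unnoticeable to a user, but multiplied across billions of guesses it turns a crack that took hours into one that takes years. Storing the iteration count in the record lets the site raise it as hardware gets faster.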
How Can You Avoid Having Your Password Leaked?
- Use strong passwords (long and complex, with special characters, numbers, etc.)
- Change your passwords periodically (e.g. every 2 or 3 months)
- Use a different password for each service and website (e.g. different passwords for Facebook and Twitter)
- Don't use services with weak security (e.g. websites that store passwords in plain text)