Hello, Friends
Today I am gonna tell you How does your password Stored on the Internet
Today I am gonna tell you How does your password Stored on the Internet
There are a number of ways a site can store your password,
and some are considerably more secure than others.
Method One: Plain Text Passwords
How It Works: The simplest way a site can store your
password is in plain text. That means somewhere on a their server, there exists
a database with your username and password in it in a human readable form (i.e, if your password is "testing123", it is stored in the database as "testing123").
When you enter your credentials on the site, it checks them against the
database to see if they match. This is the worst possible method, in security
terms, and most reputable web sites do not store passwords in plain text. If
someone hacks this database, everyone's password is immediately compromised.
Method Two: Basic Password Encryption
How It Works: To add more protection to your password
than plain text provides, most sites encrypt your password before they store it
on their servers. Encryption, for those of you that don't know, uses a special
key to turn your password into a random string of text. If a hacker were to get
hold of this random string of text, they wouldn't be able to log into your
account unless they also had the key, which they could then use to decrypt it.
Method Three: Hashed Passwords
How It Works:
Hashed is similar to encryption in the sense that it turns your password into a
long string of letters and numbers to keep it hidden. However, unlike
encryption, hashing is a one way street. If you have the hash, you can't run
the algorithm backwards to get the original password. This means a hacker would
have to obtain the hashes and then try a number of different password
combinations to see which ones worked.
Method Four: Hashed Passwords with a Dash of Salt
How It Works:
Salting a hash means adding a random string of characters is called a
"salt"—to the beginning or end of your password before hashing it. It
uses a different salt for each password, and even if the salts are stored on
the same servers, it will make it very hard to find those salted hashes in the rainbow
tables, since each one is long, complex, and unique. LinkedIn is famous for not using
salted hashes, which brought them under a lot of scrutiny after their recent
hack—If they had used salts, their users would have been safer.
These were the basic methods that I know used for password storage on Internet.
Thanks for Reading this article.
No comments:
Post a Comment