Every time you hear about some hacked service, and password leaks at Internet thinking about your online security. How can you best protect yourself? This is where your passwords are stored in the medianetwork.
There are several ways to store passwords, and some are much safer than others. Below we present 5 by popular methods.
First Method: Codes saved with plain text
How does it work: Ο απλούστερος τρόπος αποθήκευσης κωδικών πρόσβασης σας είναι σε μορφή απλού κειμένου. Αυτό σημαίνει ότι κάπου σε ένα server, υπάρχει μια βάση δεδομένων με το όνομα χρήστη και τον κωδικό πρόσβασής σας σε μια αναγνώσιμη μορφή (δηλαδή, αν ο κωδικός σας είναι igurunews, θα αποθηκευτεί στη βάση δεδομένων σαν igurunews). Όταν εισαγάγετε τα διαπιστευτήριά σας σε αυτή την by clicking here, the system checks with the database and if the characters match allows you to access your account. It is the worst way to store passwords, from a security point of view. If a malicious user manages to gain access to this database, the passwords are not protected.
Even if you use strong passwords you are unprotected. You may be protected by those who are trying to guess your password, but in the event of a server breach, you are at risk.
Method two: Basic encryption of codes
How does it work: For more password protection, most sites encrypt your passwords before storing them on their servers. Encryption, for those of you who do not know it, uses a special key to activate a random string of text in your code. If a hacker manages to get the code in random order, he will not be able to log in to your account unless he has the encryption key to decrypt it.
The problem is that usually the key is stored on the same server where the passwords are located, so if a server is hacked, a hacker can decipher all passwords. This makes this method unsafe.
Ακόμα και αν χρησιμοποιείτε ισχυρούς κωδικούς πρόσβασης είστε απροστάτευτοι. Δεδομένου ότι είναι εύκολο για κάποιον να αποκρυπτογραφήσει τον κωδικό πρόσβασης με ένα κλειδί, ο ισχυρός Password σας δεν θα κάνει τη διαφορά. Θα σας προστατέψει ίσως από ένα αδιάκριτο φίλο ή μέλος της οικογένειας αφού θα είναι δύσκολο να τον μαντέψουν.
Third Method: Hashed Passwords
How does it work: The Hashed method is similar to encryption in the sense that it converts your password into a large number of letters and numbers. However, unlike encryption, fragmentation of a code is one-way: If you have the hash, you can not use the algorithm to get your original password. This means that a hacker should have the hashes started to test a series of different password combinations to find out who works.
There is a disadvantage to this method. While a hacker cannot decode hashes in the original password, he can try many different hashes until he finds the one that fits. Computers can do this very quickly, and with the help of tools like rainbow tables - which are essentially a list of trillions of different hashes matched by passwords, they can just look at the hash to see if it fits. Try typing the following hash into Google:
e38ad214943daad1d64c102faec29de4afe9da3d
You will find that it is the SHA-1 hash for the code "password1".
If you use strong passwords, rainbow tables that consist of passwords that have already been translated into hashes may not contain them. The key here is not the complexity of the code, but the length. You are better off with a very large password rather than a complicated one.
Method Four: Fragmented passwords with a Dash of Salt
How does it work: "salting" a hash means adding a random string, called "salt" or "Salt" - to the beginning or end of your password before it hashed. A different salt is used for each password, and even if the salt is stored on the same server, it will be very difficult to discover from the rainbow tables, as each password becomes very large, complex, and unique.
Are you at risk if you use strong passwords? Definitely less than the other methods, but unfortunately, we have reached a point where computers are so fast that they can brute force, even on "salted" hashes. Hackers may take a long time, but it is possible. However, the bigger and more complicated your passwords are, the longer it will take to break into a brute force attack.
Method Five: Slow Hashes or Slow Hashes
How does it work: At this time, most experts in themesecurity experts cite Slow Hashes as the best option for storing passwords. Hash functions like MD5, SHA-1 and SHA-256 are relatively fast: if you type in a password, the conversion will be done fairly quickly. In a brute force attack, time is the most important factor. Using a slower method like the bcrypt algorithm, brute force attacks on hashes will take much longer since each code takes much longer to calculate.
Using strong passwords is more difficult to break with brute force attacks, and you will certainly be much safer. If your password is strong, it takes a long time to break if it is encrypted with slow hash.
How can you avoid spilling your password?
Do not use unsafe services. You should never sign up for services that store your passwords in plain text. A good way to find out if they are using them, according to CloudFare, is to check by clicking on the “Forgot my password” link. If the email you receive contains your password, it means they can access the password itself and it is not hashed. The method won't tell you how your code is stored, of course, but if you see it in plain text, avoid the service. Of course you can email and ask or check their FAQ maybe they have this info somewhere
Use strong passwords: As you have seen above, the stronger your password is, the less likely it is to break it. The length of the code is more important than complexity. Remember: any code can be broken, it just might take longer.
You often change your passwords and of course change them immediately after an offense: Even if your password is strong, it does not mean it is invulnerable.
Use a different password for each webpage: If you use a different password in your account, then these accounts will remain safe even if one of them has leaked.
Only use OAuth if you are sure that the website that uses it is secure: We've talked about OAuth, which lets you sign in using your Google, Facebook, or Twitter account. If you do not know how secure a website is, and it offers you the ability to use it OAuth, do not do it. If the site is compromised, immediately recall access to Google, Facebook or Twitter.
