Every time you hear about some hacked service, and code leaks access on Internet Think of your online security. How can you better protect yourself? Here's how your code is stored on the internet.
There are several ways to store passwords, and some are much safer than others. Below we present 5 by popular methods.
First Method: Codes saved with plain text
How does it work: The simplest way to store your passwords is in plain text. This means that somewhere on a server, there is a database with the name χρήστη και τον κωδικό πρόσβασής σας σε μια αναγνώσιμη μορφή (δηλαδή, αν ο κωδικός σας είναι igurunews, θα αποθηκευτεί στη βάση δεδομένων σαν igurunews). Όταν εισαγάγετε τα διαπιστευτήριά σας σε αυτή την ιστοσελίδα, το σύστημα ελέγχει με τη βάση δεδομένων και αν οι χαρακτήρες ταιριάζουν σας επιτρέπει την πρόσβαση στο λογαριασμό σας. Είναι ο χειρότερος τρόπος αποθήκευσης κωδικών, από την άποψη της ασφάλειας. Αν κάποιος κακόβουλος χρήστης καταφέρει να αποκτήσει πρόσβαση σε αυτή τη βάση δεδομένων, οι κωδικοί πρόσβασης δεν προστατεύονται.
Even if you use strong passwords you are unprotected. Maybe you're protected from those trying to guess your password, but just in case infringementof the server, you are at risk.
Method two: Basic encryption of codes
How does it work: For more password protection, most sites encrypt your passwords before storing them on their servers. Encryption, for those of you who do not know it, uses a special key to activate a random string of text in your code. If a hacker manages to get the code in random order, he will not be able to log in to your account unless he has the encryption key to decrypt it.
The problem is that usually the key is stored on the same server where the passwords are located, so if a server is hacked, a hacker can decipher all passwords. This makes this method unsafe.
Even if you use strong passwords you are unprotected. Since it's easy for someone to decrypt the password with a key, your strong password will not make the difference. It will protect you from an indiscriminate friend or family member since it will be hard to guess.
Third Method: Hashed Passwords
How does it work: The Hashed method is similar to encryption in the sense that it converts your password into a large number of letters and numbers. However, unlike encryption, fragmentation of a code is one-way: If you have the hash, you can not use the algorithm to get your original password. This means that a hacker should have the hashes started to test a series of different password combinations to find out who works.
There is a disadvantage to this method. While a hacker cannot decode hashes in the original password, he can try many different hashes until he finds the one that fits. Computers can do this very quickly, and with the help of tools like rainbow tables - which are essentially a list of trillions of different hashes matched by passwords, they can just look at the hash to see if it fits. Try typing the following hash into Google:
e38ad214943daad1d64c102faec29de4afe9da3d
You will find that it is the SHA-1 hash for the code "password1".
If you use strong passwords, rainbow tables that consist of passwords that have already been translated into hashes may not contain them. The key here is not the complexity of the code, but the length. You are better off with a very large password rather than a complicated one.
Method Four: Fragmented passwords with a Dash of Salt
How does it work: "salting" a hash means adding a random string, called "salt" or "Salt" - to the beginning or end of your password before it hashed. A different salt is used for each password, and even if the salt is stored on the same server, it will be very difficult to discover from the rainbow tables, as each password becomes very large, complex, and unique.
Are you at risk if you use strong passwords? Definitely less than the other methods, but unfortunately, we have reached a point where computers are so fast that they can brute force, even on "salted" hashes. Hackers may take a long time, but it is possible. However, the bigger and more complicated your passwords are, the longer it will take to break into a brute force attack.
Method Five: Slow Hashes or Slow Hashes
How does it work: Right now, most security experts cite Slow Hashes as the best option for storing passwords. Hash functions such as MD5, SHA-1 and SHA-256 are relatively fast: if you enter a password, the conversion will be quite fast. In a brute force attack, time is of the essence. Using a slower method such as the bcrypt algorithm, brute force attacks on hashes will take much longer, as each password takes much longer to compute.
Using strong passwords is more difficult to break with brute force attacks, and you will certainly be much safer. If your password is strong, it takes a long time to break if it is encrypted with slow hash.
How can you avoid spilling your password?
Do not use unsafe services. You should never sign up for services that store your passwords in plain text. A good way to find out if they use them, according to the CloudFare service, you can find out by clicking on the "I forgot my password" link. If the email you receive contains your password, it means that they can access the password itself and it is not fragmented. The method of course does not tell you how your password is stored, but if you see it in plain text, avoid the service. Of course, you can email and ask or check their FAQ maybe this information is listed somewhere
Use strong passwords: As you have seen above, the stronger your password is, the less likely it is to break it. The length of the code is more important than complexity. Remember: any code can be broken, it just might take longer.
You often change your passwords and of course change them immediately after an offense: Even if your password is strong, it does not mean it is invulnerable.
Use a different password for each webpage: If you use a different password in your account, then these accounts will remain safe even if one of them has leaked.
Only use OAuth if you are sure that the website that uses it is secure: We've talked about OAuth, which lets you sign in using your Google, Facebook, or Twitter account. If you do not know how secure a website is, and it offers you the ability to use it OAuth, do not do it. If the site is compromised, immediately recall access to Google, Facebook or Twitter.
