Your passwords – are they safe?

We are constantly asked, and reminded on websites, to make our passwords stronger, which typically means making them half a mile long, mixing upper and lower case characters and adding a few special characters for good measure. Is it really worth jumping through all those hoops? Will it make your password more secure?

The simple answer is, it depends.

It depends on what the website does with your password. Some websites store your password exactly as you enter it, so a strong password such as “4Beu6.Z!_jU}T” is stored as “4Beu6.Z!_jU}T”. That’s a pretty secure password, but if a hacker gained access to the database behind the website, your very strong password would be in full view. Not very strong after all, eh?

A clever web developer will hash the password so that the stored version in the database is nothing like the password you enter into the website (this is often loosely called encryption, but unlike encryption a hash has no key and cannot be reversed to recover the password). Taking our strong password example above and running it through md5 (a popular method that produces a 128-bit digest), it is stored as “1b9263e971783849b5e04e92e4f62cec”. Much more secure than storing it in the clear, although a fast, unsalted hash such as md5 is no longer considered adequate on its own: current practice is a slow, salted password hash (bcrypt, scrypt or Argon2) that makes every guess expensive.

But is a password such as our example above much more secure than “password” or “mydogsname”? Once hashed, yes. A hacker without database access will try username and password combinations, literally going through thousands of possible passwords (called a brute force attack), starting with the more obvious ones first. These days substituting characters makes little difference, e.g. using a 4 instead of an “a” or a 1 instead of an “i”, because a brute force attack will try those substitutions too. A totally random password like our example is much harder for a machine to guess than one that means something.
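As an added illustration (not code from the original post), here are the three storage choices discussed above side by side in Python: the password kept in the clear, the unsalted md5 hash, and a salted, deliberately slow hash (PBKDF2 from the standard library, standing in for bcrypt/scrypt/Argon2 because it needs no third-party package). The weak passwords, the mini wordlist, the substitution table and the record layout are all constructed for this example. It shows why a dictionary word survives no better under md5 than in the clear, while the random example password is not in any wordlist, and why the salted scheme cannot be checked in bulk the same way.

```python
import hashlib
import hmac
import os
from typing import Iterable, Iterator, Optional

# Constructed sample data: the page's example password plus two weak ones.
STRONG = "4Beu6.Z!_jU}T"
WEAK = ["password", "mydogsname"]

# Constructed mini wordlist, standing in for the lists a guessing tool walks through.
WORDLIST = ["123456", "password", "letmein", "mydogsname", "qwerty"]

# Character substitutions a guesser tries alongside the plain word (4 for a, 1 for i, ...).
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0"})


def store_plaintext(password: str) -> str:
    """Scheme 1: the password is kept exactly as typed (what the page warns about)."""
    return password


def store_md5(password: str) -> str:
    """Scheme 2: an unsalted, fast hash (the page's md5 example)."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def store_pbkdf2(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Scheme 3: a per-user random salt and a deliberately slow derivation (PBKDF2-HMAC-SHA256).

    The record layout "algorithm$iterations$salt$hash" is this example's own convention.
    The default iteration count is an assumption; take it from current guidance and raise it over time.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_pbkdf2(password: str, record: str) -> bool:
    """Re-derive from the stored salt and iteration count, then compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported record type: {algorithm}")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def candidates(words: Iterable[str]) -> Iterator[str]:
    """Each wordlist entry as typed, capitalised, and with the usual substitutions applied."""
    for word in words:
        yield word
        yield word.capitalize()
        yield word.translate(LEET)


def md5_lookup(stored_md5: str, words: Iterable[str]) -> Optional[str]:
    """Return the wordlist candidate that hashes to the stored md5 value, or None.

    With no salt, one md5 per candidate can be compared against every user in the
    database at once, which is why an unsalted fast hash only protects passwords
    that are not on any list.
    """
    for candidate in candidates(words):
        if store_md5(candidate) == stored_md5:
            return candidate
    return None


if __name__ == "__main__":
    for pw in WEAK + [STRONG]:
        md5_record = store_md5(pw)
        print(f"{pw!r}")
        print(f"  plaintext : {store_plaintext(pw)}")
        print(f"  md5       : {md5_record}  -> wordlist match: {md5_lookup(md5_record, WORDLIST)}")
        print(f"  pbkdf2    : {store_pbkdf2(pw, iterations=20_000)}")
    # The same password stored twice gives two different records because of the salt,
    # so a guess has to be re-derived per record instead of compared against all of them.
    record = store_pbkdf2(STRONG, iterations=20_000)
    print("verify correct password:", verify_pbkdf2(STRONG, record))
    print("verify wrong password  :", verify_pbkdf2("password", record))
```

Run it as a script to see the three stored forms for each sample password. The substitution table is the point the post makes about swapping 4 for “a”: the guesser simply generates those variants as well, so “p4ssw0rd” is found by the same wordlist as “password”. Only the random example password comes back with no match.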


