A few months ago our friends at in.security did a great webinar on all things related to passwords, and we wanted to share some of the key points.
How are Passwords Stored and Used?
When you register for a website or service, storing your password in plaintext in their database is
A "hash" is a a one-way cryptographic function which changes the input to an output that cannot be reversed. There are a number of secure hashing algorithms used for this purpose (check out this online generator to see how it works). The great thing about hashing algorithms is they will consistently produce the same output, but even a minor change to the input radically changes the end result. Using the SHA256 algorithm, the name TeamPassword becomes 773D2D1DB1E4E617F99515100DF3E6BB4F893DA1FC9A7F844E66F3086B69672B. Just putting a space between Team and Password changes the output to E8174A12ECE693ADF7D611E59192B049AA7CFD7DE2BC0654F7FC252282BD3F34.
How do Hackers Crack Passwords?
Hackers can use a number of methods to figure out your passwords and break into your accounts. Here's a quick overview of the six main ways they do that.
Data Breaches and Password Reuse
There have been a lot of breaches...and likely more we don't know about.
How Can I Stay Safe?
Still trying to remember all your passwords? Now you know why a password manager will make your life easier, it’s time to see why TeamPassword is your best option. Find out today by starting our free 14-day trial.
If your business is looking for penetration tests, vulnerability assessments, or technical training check them out. You can follow them at @Stealthsploit and @in.security
