How Your Passwords Are Stored On Internet ? Does Your Password Strength Matter !!


Recently Equifax is hacked and over 143 Millions users financial credits cards  information are leaked which is half US of population. Last year in 2016 "21st century ontology'' website data is breached who are premier provider of state of art the radiation therapy and integrated cancer treatments. What you can do when the site that you are using is breached. Here, Arightguide Explaining you How your passwords are Stored on Internet ? And when your strong or lengthy password matter.
There are many ways to store password on web. Each one is more secure than another one. Here is brief, Lucy Explanation of Plain, encryption, salt, hashing password Method On them. All Methods have ciphering of password. Cryptography is way by which information is encrypted by both Encryption (reversible) and Hashing  (Irreversible) password storing Methods.

1. Way One - Plain text password

This is worst method of storing password on web. Most reputable website like CNN, Nytimes, bbc etc. Hates to use it. In this method the password are Stored in database as same as password. Suppose you pick a password "sample123'' . If site is using plain text password storing system then it will store it as "sample123'' which is Human readable, fastly hackable. If hacker hacks the database, he can easy access all password of the user of that site.

Does your password strength matter ?

No. You password strength does not matter because after hacking the database of your site. They will get you credentials or password in Human readable form. So no matter how much stronger your password is ? How much longer your password is ? It is suggested that should avoid to use such a kind of websites.

2. Way Second - Encryption 

It is more secure than plain text password. Most sites before storing the password of user on their server encrypt it with the special key. If the site is hacked, and hacker get their hands on these encrypted passwords. Still, They are not able log in to your account. But if the server is hacked where the keys are Stored to decrypt these password. Then hacker can get easily full control on your account.

Does your password strength matter?

No. You password strength doesn't matter. Because they have full control on your password after getting keys of encrypted password.
Suggestion - You should avoid use of website that have plain and Encryption way to store their password.

3. Way Third - Hashing

Hashing is not completely secure way to store password on web. But it is much secure in comparison to other two we have already talk about. It convert the password in long string or in hash key or value. It is one way operation. Mean, if the hackers got their hands on hashes they cannot reverse their algorithm unlike encrypted password operation to decrypt them. They will try to guess many password to untill the system unlock. Machines can do it much faster then human. So they use computer to crack the passwords by Rainbow tables. Rainbow tables have all the pre-used, pre-computed hash values of trillions of passwords.

Does your password length/strength matter ?

For example - this is your password "Fgpyyih804423" that will verify by Microsoft as "strong". But it take 160 seconds to crack this password by ophcrack (system using rainbow table). Long password will safe you here. Because attacking machine take at least 11 minutes to crack 99.99% of 14 digit password. Now a days people using password that are harder to remember themselves. But Are easier to guess by machines. Such as xy*doy#d^(' , ytx$u@dx €£/ etc...Let's talk about no.4

4. Way fourth - salt hashing

By Rainbow tables, it is easy to guess hash password because two same password have their same hash values. To prevent it the "random string value" is added to hashed password that is called salt. Due to salting, same password have different salted password.
For ex -
Hash("hello")  2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7425e73043362938b9824
hash("hello" + "QxLUF1bgIAdeQX")
hash("hello" + "bv5PehSMfV11Cd") 
LinkedIn is famous for his not using salt password system to store passwords. Due to it they loss 6.5 million user data.

Does your password length matter ?

Definitely ! You password length matter. Because it has two drawback first, it reuse same salt many times but hash for all password  are different. So when hacker got these password. They get the hash values of password easily and start using rainbow, lookup , brute force etc guessing attacks. So longer password matter here. Now the last one and the most secure one.

5. Way fifth - slow hashes password

The fast hash function are dangers for our security that are MD5, SHA-1,SHA-256 etc.. Due to these fast hash function. Brute force attack is easily done by attackers. But slow hash, take longer time. Where time is primary thing in brute force attack. So slow hash function is the best and secure system of storing passwords on web. The brcypt algorithm is most famous algorithm for slow hash function. It add some salt configurable large amount of rounds, due to which brute force attack easily parallelize. Another algorithm is scrypt  ( which not only add configurable amount of time, but also a configurable amount of space.) Due to slow hash function,  brute force attack cannot done easily. But it is doable.

Does your password length/strength matter ?

Unfortunately ! Yes, you length and strength both matter.  Because it not impossible to attack. But it take longer time to unlock the user account. For instance - your password is of 20 digit and have much complication.  Then it may take years to crack. So you have to change your password time to time.

How Can You Avoid Having Your Password and Account Hack ?

After know the different processes of storing password. You may be think about what it mean for me ? What is benefit of knowing it ? So Let's analysis each and every thing..

1. Always Use long and strong password- In choosing the password, length of password is much important than the complicity of password. The length of should be greater then 18 digits. The longer the password, more time will be taken by hacker to get their hands on your account.

2. Change your password time to time -
It will help you more than any other method. After the breach of the site that you are using, you must be change your existing password. Because if your site is breach then the attacker will definitely get their hands on data. But it is possible that they get their hands on your account with 1-2 days. So if you change the existing password. It will no longer help them to get access of you account by that useless old password.

3. Never Use Sites Of Bad Security-
We should have alway avoid such sites that are using Plain and Encryption Method. Now you might have a question that How would I know that what storing Method they are using ? So for that each site have their privacy policy, terms of service, disclaimer and most Important FAQ (frequently asked questions ). You can also confirm it by email them about what you want to about them ? Etc...

4. Use Different Passwords For Different Sites- It is very Important Guide for Everyone. Most of people does not follow this Guide and get compromise on web due this silly Mistake. When an hacker get their hands on your one online account. That mean the " Great Tsunami comes in You life. Suddenly ! ". Am I Right? Or Am I Right? Haha..hahah..
Use OAuth if you're unsure about their security
That password will unlock your all the Online account.

5. Use oAuth if you're unsure About Site Security - many sites allowed you to log in with Oauth sites like Facebook, google ,twitter Etc. if the site is giving you the choose of log in with Oauth sites you should take log in with them. They are much secure. If that particular site is breached then you have to just revoke the access of that site from your Oauth site accounts.
That shit !!
Like and Follow Us on Facebook and Twitter (@Arightguide) and Don't forget to Subscribe Us.
Don't Forget to Share !!