In this segment we look at password management and the different methods used to protect passwords, both in transit and at rest.
Passwords have been used to control access to computer systems since before the public internet, and in those early years there was very little protection around them: they were often stored and sent in plain text.
Passwords have come a long way since then. Yes, some password implementations are still unbelievably insecure, and passwords are often the keys to the kingdom, but they are not going anywhere in the near future. There are many ways to make sure that the transmission and storage of passwords is implemented safely. In this section we will look at how best to manage them.
Basic Password Practices
Hashes of weak passwords can be cracked in seconds by anyone with a little knowledge. Password cracking tools such as John the Ripper and Hashcat support a long list of hash formats and several attack modes: brute force, which tries every combination of a chosen character set; dictionary attacks, which run through wordlists made up largely of plain-text passwords recovered from previous data breaches; and rule-based attacks, which mangle those words (appending digits, swapping letters for symbols) the way real users do. Rainbow tables are a separate, precomputation-based approach, discussed below.
Let's start with some basic math on the length and complexity of passwords. The number of candidates an attacker has to try is the size of the character set raised to the power of the length:
- 8 characters, lowercase only: 26^8 (about 2 x 10^11) candidates. Very weak; cracked in under 2 minutes.
- 8 characters, upper and lowercase: 52^8 (about 5 x 10^13) candidates. Still not good; cracked in under 6 hours.
- 8 characters, upper, lowercase and digits: 62^8 (about 2 x 10^14) candidates. A little better, but cracked in about 24 hours.
- 10 characters, upper, lowercase, digits and symbols: 94^10 (about 5 x 10^19) candidates. Roughly 600 years.
These estimates assume a rate of roughly 2 to 3 billion guesses per second. That is a conservative figure for a fast, unsalted hash such as MD5 or NTLM, where a single modern GPU is much faster, but a deliberately slow password hash such as bcrypt cuts the guess rate by several orders of magnitude, so the hashing algorithm matters as much as the password itself.
A rainbow table attack against a password hash does not rely on computation at crack time but on looking the hash up in a precomputed table. The hashing work is done once, in advance, and then reused against every stolen hash; this is exactly what salting (below) is designed to defeat.
One way to make secure passwords easier to remember is to take a phrase from a book, a song, a film and so on and add characters to it. The result is a passphrase rather than a password, and its length alone makes it far harder to brute force. For instance:
Another lesson for end users, and perhaps for the enterprise as a whole, is never to trust anyone else with a password. Users should be taught that nobody in the organization will ever ask for their password, and that they should report anyone who does.
Password Management Software
A few of us have systems that make remembering passwords easier, but for most users remembering a unique password for every account is not achievable. Do not make the mistake of reusing passwords across accounts: whether it is a personal or an enterprise account, passwords must never be reused. Websites and services that hold private or sensitive information must, for their part, allow users to set long, complex passwords rather than imposing short limits or restricted character sets.
Password reuse is a common problem that can be solved with a password manager. Implementations range from the password storing features built into web browsers to desktop and mobile applications that synchronize the saved passwords across devices and fill in login forms automatically.
In all cases the master password must be very well protected. It is best memorized rather than stored anywhere, although writing it down and keeping it in a physically secure place is also an option. It is never a bad idea to have a physical copy of important account usernames and passwords written or printed out and locked in a safe in case of emergency. Before settling on a password manager, read reviews of the different products to understand how they work and what they can do.
Good password hygiene limits the impact of the constant breaches on personal accounts, and makes it less likely that the enterprise itself will suffer a breach through a reused credential.
Encryption, Hashing, and Salting
These three terms are commonly confused. It is very useful to understand what encryption, hashing and salting mean and how they differ.
Encryption has been around for a very long time. Encrypting a message means applying an algorithm that transforms the information so that only someone holding the key can transform it back to its original state. ROT13 is perhaps the simplest example of a substitution cipher: it replaces each letter with the one 13 places further along the alphabet, as in the example below.
etechwallisagreatwebsite = rgrpujnyyvfnterngjrofvgr
ROT13 is obviously a weak cipher (its "key" is fixed, so anyone can reverse it), but it illustrates the key point: encrypted data is reversible by anyone who holds the key. There is no point encrypting a message if the recipient cannot decrypt it, which is why encryption is what protects data in transit in protocols such as VPNs and HTTPS. Common encryption algorithms include AES and RSA, along with the older Triple DES and Blowfish. Encryption is the wrong tool for storing passwords, though: whoever holds the decryption key can recover every password in the database.
Hashing is different from encryption: a hash cannot be decrypted because there is no key. A hash function is one-way; it discards information, so recovering the input from the output is computationally infeasible for a secure hash function, and the output is always of a fixed length regardless of how long the input is.
If we run the same phrase through the MD5 hashing algorithm, we get:
etechwallisagreatwebsite -> MD5 Algo -> 5B459AD0D9E9BB800AFAE897C3A8F294
Now, let’s add more words:
etechwallisagreatwebsitefortechnologyconcepts -> MD5 -> 0BA4D93FDE2CC206643B77168E646F65
Both outputs are the same length even though the inputs differ in length. Because there are only a fixed number of possible outputs and an unlimited number of possible inputs, two different inputs can produce the same hash; this is called a collision. Collisions exist in principle for every hash function, but for a secure one they should be infeasible to find. MD5 fails that test: practical collision attacks have been known for years, and it is also extremely fast to compute, which makes it easy to brute force, so it should never be used for passwords.
Salting adds an extra value to the input before it is hashed, so the value actually hashed is longer and different from the password alone.
For example, if the password is "Etechwall" and the salt is "Technology", the hash is computed over the combination of the two, i.e. Etechwall.Technology. This gives some protection to people who use ordinary dictionary words as passwords, because a precomputed table of hashed dictionary words no longer matches. However, if the same salt is used for every password and an attacker learns it, they simply append it to every dictionary word they try. To make this harder, use a random salt for every password: the attacker then has to attack each hash separately, and precomputed tables become useless. Salts do not need to be secret, only unique. Bcrypt, for instance, generates a unique salt per hash by default and also has a configurable cost factor that deliberately slows each guess down; scrypt, Argon2 and PBKDF2 do the same.
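The following is an added example, not code from the original article, that works through the three storage schemes discussed above: plain MD5 against a precomputed lookup table (the idea behind a rainbow table), MD5 with a single site-wide salt, and a per-password random salt combined with a deliberately slow hash. The short wordlist is constructed for the demonstration, and PBKDF2-HMAC-SHA256 is used here only because it is in the Python standard library; the article's own example, bcrypt, needs a third-party package.

```python
import hashlib
import hmac
import os

# Constructed wordlist for the demonstration; a real one has millions of entries
# harvested from previous breaches.
WORDLIST = ["123456", "password", "qwerty", "letmein", "Etechwall", "Technology"]


def md5_hex(text: str) -> str:
    """Plain, unsalted MD5 as in the article's example. Never use this for passwords."""
    return hashlib.md5(text.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext once. This is the essence of a rainbow table:
    after the one-off precomputation, each stolen hash costs one dictionary lookup."""
    return {md5_hex(w): w for w in words}


def crack_unsalted(table, stolen_hash):
    """Recover the password for an unsalted hash by lookup, with no hashing at all."""
    return table.get(stolen_hash.lower())


def md5_with_fixed_salt(password, salt):
    """Site-wide (fixed) salt, as in the article's 'Etechwall.Technology' example."""
    return md5_hex(f"{password}.{salt}")


def crack_fixed_salt(stolen_hash, known_salt, words):
    """Once the single salt is known, the attacker just appends it to each word.
    The precomputed table is useless, but one pass over the wordlist still works."""
    for w in words:
        if md5_with_fixed_salt(w, known_salt) == stolen_hash:
            return w
    return None


# Iteration count for PBKDF2-HMAC-SHA256; the higher it is, the slower each guess.
ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Per-password random salt plus a slow hash. Two users with the same password
    get different strings, so each hash has to be attacked on its own."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Self-describing format so the parameters can be raised later without breaking old hashes.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iters, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    table = build_lookup_table(WORDLIST)
    print("unsalted MD5 of 'password' cracked by lookup:",
          crack_unsalted(table, md5_hex("password")))
    stolen = md5_with_fixed_salt("Etechwall", "Technology")
    print("fixed-salt MD5 cracked by appending the salt:",
          crack_fixed_salt(stolen, "Technology", WORDLIST))
    h1, h2 = hash_password("Etechwall"), hash_password("Etechwall")
    print("same password, different stored hashes:", h1 != h2)
    print("verify correct password:", verify_password("Etechwall", h1))
    print("verify wrong password:", verify_password("etechwall", h1))
```

Note that the salt is stored alongside the hash in plain sight. That is fine: its job is to make each hash unique and defeat precomputation, not to be a secret. The protection against brute force comes from the slow hash, which is why the iteration count is stored too, so it can be increased as hardware gets faster.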
As often as we hear that passwords are dead, password management will play an important role for a long time to come, so protecting them as well as possible is in your own interest. Many security topics can lead you down an endless rabbit hole, and password security and cryptography are among them.
In the next article, we will be talking about Multi-Factor Authentication or Two Factor Authentication (2FA).