We have seen a rise of cyberattacks in the recent past. One of the juiciest targets for malicious hackers is the password, a string of letters, numbers and characters used to authenticate online users. On the occasion of World Password Day, we take a look at why companies and developers should leverage the best techniques to protect passwords.
As more people move to virtual online usage, protecting passwords becomes more important. According to research, there is a psychological challenge among people when it comes to managing passwords which can be easily exploited by hackers.
We already know that passwords also should be strong enough. They should be at least 15 characters long with both uppercase letters, lowercase letters numbers and special characters.
According to Adam Palmer, Chief Cybersecurity Strategist at Tenable, “Every time a researcher with time on their hands searches through the stolen password databases, it reveals millions are still using 123456 as a password, so the chances of changing password behaviour are nothing short of a miracle.”
Weak passwords serve as a huge security threat for millions of businesses. But, passwords are anyway the most used authentication tool in today’s era even though other authentication techniques have been in place for years such as two-factor authentication, biometrics and hardware tokens.
With each new online account, people have to remember new passwords and so it’s better to use a password manager that has hashing algorithms. Password protection should be designed in a way that they are free from vulnerabilities and sophisticated attacks such as man-in-the-middle.
Hackers Will Do Everything To Crack Passwords
There are multiple automatic attack schemes which hackers can leverage to exploit enterprise systems. “The sheer volume of stolen users’ passwords available for sale on the dark web highlights that the problem is less about having strong passwords or phrases, and more about users creating unique codes for each online account to limit the damage from database breaches,” Palmer said.
Storing passwords in an unencrypted format is like a sin, and companies doing that are waiting to just get hacked. Developers need to create cryptographically protected systems so that hackers do not gain access to passwords. Also, there needs to be a limited number of access attempts to login attempts on any system. This prevents Brute Force attacks to happen.
Also, merely relying on encryption is not enough as hackers can even crack through encryption. In a case when a malicious entity gains access to the encryption key, encryption would serve quite useless.
Advanced Techniques Are Needed For Safeguarding Passwords
Developers need to, therefore, rely upon advanced techniques, like hash functions, salt to make sure that hackers are prevented from gaining access to passwords. Most of the modern-day passwords rely on matching the computed hash with the stored hash to gain access to web services. Every unique password is represented by the same length hashes, and hackers cannot access them or decode passwords easily unless through means like rainbow tables.
Hashing can be made stronger by using additional data known as salt. Salt is also called a nonce, which is a number used once. And it generates a random string of bytes that can be included in the hash calculation along with the actual password. It also prevents users with the same password getting the same hash.
“Given the reliance on passwords doesn’t appear to be reducing, and if anything, our virtual identities are increasing, password managers that create and store complex passwords are essential. This year, as a spotlight is once again on passwords, instead of advocating complex recipes and codes, do yourself a favour and automate,” added Palmer.
Provide your comments below
If you loved this story, do join our Telegram Community.
Also, you can write for us and be one of the 500+ experts who have contributed stories at AIM. Share your nominations here.
Vishal Chawla is a senior tech journalist at Analytics India Magazine and writes about AI, data analytics, cybersecurity, cloud computing, and blockchain. Vishal also hosts AIM's video podcast called Simulated Reality- featuring tech leaders, AI experts, and innovative startups of India. Reach out at firstname.lastname@example.org