In 1967 Roger Needham, one of the first computer scientists to emphasize the need for computer security, invented the method of storing a hashed version of plaintext passwords. To this day, we still use this method to keep our passwords safe. Let’s go over how password hashing works and what you can do to protect your network against password attacks.
How hashing works
In this method, the plaintext passwords users enter are hashed using a preset algorithm like SHA-256 or MD5. In most cases, the algorithm converts the plaintext into a numeric hash value using a one-way function. The hashed password is stored in the system when users set their passwords for the first time. For every login after that, the entered password is hashed using the same one-way function and the same algorithm. The resulting hash value is compared to the stored hash value, and users are given access if the hashes match.
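The store-then-compare flow described above, as an added example that is not part of the original post. It goes beyond the paragraph by placing a salted, iterated variant (PBKDF2 from Python's standard library) next to the single-pass SHA-256 version; the function names, sample accounts, passwords and iteration count are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumption: value picked for this example


def hash_plain(password: str) -> str:
    # Single pass of a one-way function, as in the paragraph above.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def register_plain(store: dict, user: str, password: str) -> None:
    store[user] = hash_plain(password)  # only the hash is stored


def login_plain(store: dict, user: str, password: str) -> bool:
    stored = store.get(user)
    # Re-hash the attempt and compare in constant time.
    return stored is not None and hmac.compare_digest(stored, hash_plain(password))


def _stretch(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register_salted(store: dict, user: str, password: str) -> None:
    salt = secrets.token_bytes(16)  # fresh random salt per account
    store[user] = (salt, _stretch(password, salt))


def login_salted(store: dict, user: str, password: str) -> bool:
    record = store.get(user)
    if record is None:
        return False
    salt, digest = record
    return hmac.compare_digest(digest, _stretch(password, salt))


if __name__ == "__main__":
    plain, salted = {}, {}
    for user in ("alice", "bob"):  # constructed accounts sharing one password
        register_plain(plain, user, "Spring2024!")
        register_salted(salted, user, "Spring2024!")
    print("plain hashes equal: ", plain["alice"] == plain["bob"])
    print("salted records equal:", salted["alice"] == salted["bob"])
    print("login ok:", login_salted(salted, "alice", "Spring2024!"))
    print("wrong password:", login_salted(salted, "alice", "Winter2024!"))
```

With the single-pass scheme, two accounts that share a password store the same hash; the per-account salt makes every stored record distinct, and the iteration count raises the cost of each guess.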
Passwords are not completely safe even after hashing
Before hashing was devised, passwords were stored in systems as plaintext, which made them easy for hackers to access. Hashing has made it much more complicated for hackers to gain access to passwords, but it’s still not impossible. With the advancement of cyberattacks, no security method is foolproof. As password storage and recovery mechanisms improve, hackers are formulating more advanced breach techniques like social engineering, brute force attacks, phishing, and the like.
Better safe than sorry
The first step in keeping your network safe is to make sure both end users and administrators are informed about common password attack methods and how they can overcome them. Once administrators are aware of the prevention mechanisms, they can implement them to cut down on password attacks.
Wouldn’t it be nice if there was an easy way to understand common password attacks and their prevention mechanisms? Look no further!
Read our industry expert’s guide, “The shifting landscape of password attacks and how to keep up with it”, to better understand password attacks and learn how you and your team can avoid them. The guide also explains why Microsoft’s password policy is inadequate and which tools you need to use to implement strong password policies.