Password Management and How Passwords Work

Passwords are the lifeblood of the internet: almost everything you do online requires one. A password is defined as a word or string of characters used for user authentication, to prove identity or access approval in order to gain access to a resource, and it is to be kept secret from those not allowed access. Before we can go over password management, let’s explain how passwords work.

When you join a service, you create a username and password. The password is not kept in cleartext; it is run through a one-way hash function and the resulting hash is what gets stored, either in a database or in a file. No two username-and-password pairs should produce the same stored hash.

When you go to log in again, you enter the username and password you created when you signed up. The service hashes what you typed the same way it did at signup, then compares the result against the hash stored for that account in the file or database. If it matches, the service knows you are the legitimate user and lets you in.
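The signup-and-login flow just described, as an added example (not code from the original article). It stores only a per-user random salt and a PBKDF2 hash, never the cleartext password, and compares hashes in constant time at login. The in-memory `USER_DB` dictionary stands in for the database or file, and the work factor `ITERATIONS` is an assumed value.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for the site's database or file: username -> stored record.
USER_DB = {}

# Assumed PBKDF2 work factor: higher makes every guess cost more, for attackers and for us.
ITERATIONS = 200_000


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest).

    A fresh random salt per account means two users who pick the same
    password still end up with different stored hashes, and a single
    precomputed table of hashes cannot be reused across accounts.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def register(username: str, password: str) -> None:
    """Signup: hash the password and keep only salt + hash."""
    salt, digest = hash_password(password)
    USER_DB[username] = {"salt": salt, "hash": digest}


def login(username: str, password: str) -> bool:
    """Login: re-hash what was typed with the stored salt and compare."""
    record = USER_DB.get(username)
    if record is None:
        # Spend the same hashing cost for unknown users so the response
        # time does not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    _, candidate = hash_password(password, record["salt"])
    # compare_digest avoids leaking how many leading bytes matched.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    register("bob", "correct horse battery staple")
    print("same password, different stored hashes:",
          USER_DB["alice"]["hash"] != USER_DB["bob"]["hash"])
    print("alice right password:", login("alice", "correct horse battery staple"))
    print("alice wrong password:", login("alice", "Correct horse battery staple"))
```

Note that the username itself is not hashed; it is the lookup key, and only the password needs to be protected at rest.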

Passwords on good sites are stored as hashes, so no one, not even the site’s own technical staff, can read the passwords in the file or database. If the company suffers a security breach, the attacker gets only the hashes, not the passwords themselves. This is still bad, because someone can use a rainbow table attack to try to recover the passwords from the hashes, but it is far less severe than storing the passwords in cleartext.

A rainbow table attack is a type of attack in which the perpetrator uses a rainbow table to crack the password hashes stored in a database system. A rainbow table is a precomputed table of hashes of candidate passwords, built with the same hash function a site uses when storing passwords, so a stolen hash can be looked up rather than guessed from scratch.

But sometimes your password can be compromised without the site ever being hacked, through something called a brute force attack. A brute force attack is the simplest method of gaining access to a site or server (or anything that is password protected): it tries various combinations of usernames and passwords again and again until it gets in.

Similar to a brute force attack, a dictionary attack tries only those possibilities deemed most likely to succeed. Dictionary attacks often succeed because many people tend to use short passwords that are ordinary words or common passwords, or simple variants obtained, for example, by appending a digit or punctuation character. Dictionary attacks are easy to protect against by using a passphrase or otherwise choosing a password that is not a simple variant of a word found in any dictionary or list of commonly used passwords.

The best type of password to pick is at least eight characters long and contains uppercase and lowercase letters, numbers, and a special character.
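A checker for that rule, as an added example rather than code from the original article. It applies the four character-class requirements and the eight-character minimum, and it also catches the “simple variant of a common word” case described above by stripping trailing digits and punctuation, undoing a few common letter substitutions, and comparing the result against a denylist. The denylist here is a constructed six-entry stand-in for a real list of common passwords.

```python
import re
import string

# Constructed stand-in for a real common-password list.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome", "123456", "iloveyou"}

# Typical substitutions people use to dress up a dictionary word.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "@": "a", "$": "s"})

# Trailing run of digits and/or punctuation, e.g. the "1!" in "Password1!".
TRAILING_JUNK = re.compile(r"[\d" + re.escape(string.punctuation) + r"]+$")


def normalize(password: str) -> str:
    """Reduce a dressed-up password to the plain word it is based on."""
    base = password.lower()
    base = TRAILING_JUNK.sub("", base)
    return base.translate(SUBSTITUTIONS)


def check_password(password: str) -> list:
    """Return a list of reasons the password is weak; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if normalize(password) in COMMON_PASSWORDS:
        problems.append("simple variant of a common password")
    return problems


if __name__ == "__main__":
    for candidate in ["abc", "P@ssw0rd1!", "Xq7$vRm2pL"]:
        verdict = check_password(candidate)
        print(f"{candidate!r}: {'ok' if not verdict else '; '.join(verdict)}")
```

Note that `P@ssw0rd1!` satisfies every character-class rule yet still fails, which is why the rule in the paragraph above is necessary but not sufficient on its own.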

If you have any additional questions, contact us.