HWM Singapore – June 2019

How password managers work

By Kenny Yeo

A lot goes on behind the scenes in a password manager. Here's what happens and why it is a good idea to use them.

Pictures: 123RF, Wordfence

LEARN FIRST, HOW PASSWORDS ACTUALLY WORK

Most people think that when they are trying to log in to their account on a website, the website simply compares the password they have input with the password that they have stored in their database. So if your password is "password123," it is stored as such in the database and the website simply checks if you have entered "password123" against their database when you are trying to log in. This is what is known as storing passwords in plain text and it is a lazy and horrible security practice that, hopefully, no website practices today.
Instead, most decent websites store what is known as a salted hash of a password and not the actual password itself. A hash is a one-way function that is applied to the password to scramble it. This way, if the website is hacked, the hacker only gets his hands on the hash of a password and not the actual password itself.

To make things even more secure, random data is typically added to the password before it is hashed. This random data is known as a salt and is usually appended and assigned to a user's password during account creation. The resultant hashed value is known as the salted hash. So the next time a user logs in, the website takes the password and looks for the salt associated with the account and checks if the resultant hashed value matches the salted hash that it has in its database.

Now, access to the account is given if the user is able to reproduce the salted hash by entering the password. In other words, having the salted hash alone isn't going to give the hacker access to anything. The hacker must be able to reconstitute the final hash value through the use of the real password.
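The account-creation and login steps described above, written out as an added example that is not from the article. The article names no hash algorithm, so PBKDF2-HMAC-SHA256 from Python's standard library is assumed here, with the plain-text practice shown beside it for contrast:

```python
# Added example (not from the HWM article): salted password hashing as
# the article describes it, next to plain-text storage for contrast.
# The algorithm (PBKDF2-HMAC-SHA256) and iteration count are assumptions.
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # slows down offline guessing against a leaked hash


def store_plaintext(password: str) -> dict:
    """The lazy practice: the stored record IS the password."""
    return {"password": password}


def check_plaintext(record: dict, attempt: str) -> bool:
    return record["password"] == attempt


def store_salted(password: str) -> dict:
    """Account creation: draw a random salt, hash salt + password, and
    keep the salt and the hash (never the password) in the record."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt.hex(), "hash": digest.hex()}


def check_salted(record: dict, attempt: str) -> bool:
    """Login: look up the account's salt, re-hash the attempt with it and
    compare against the stored salted hash in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest.hex(), record["hash"])


if __name__ == "__main__":
    # Constructed sample: two users who happen to pick the same password.
    alice = store_salted("password123")
    bob = store_salted("password123")
    print("records differ:", alice["hash"] != bob["hash"])        # True
    print("right password:", check_salted(alice, "password123"))  # True
    print("wrong password:", check_salted(alice, "Password123"))  # False
    print("plain-text record leaks:", store_plaintext("password123"))
```

Because each account gets its own salt, two users with the same password end up with different records, so one leaked hash tells an attacker nothing about the other account.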

PASSWORD MANAGER 101

Password managers are apps that help users generate, store, and then retrieve passwords so that users don't have to remember them. The idea is that users only need to remember a single strong master password since the password manager remembers and manages the passwords for all of your accounts.

There are two main kinds of password managers: cloud-based ones and offline ones. The former stores your passwords in the cloud so that it can be accessed on
