What can you learn from data loss—beyond that you don’t want it to happen to you?
If you’re a user:
- Use stronger passwords—and use a different one for each site that stores information you care about.
- Use password management software, such as 1Password, KeePass, or LastPass. Some of these tools will even generate hard-to-crack passwords for you.
If you’re responsible for password databases:
- Don’t ever store passwords in clear text.
- Always apply a randomly-generated salt to each password before hashing and encrypting it for storage.
- Don’t just hash your salted password once and store it. Hash it repeatedly (key stretching) so that each guess costs an attacker far more work. It’s best to use a recognized password hashing algorithm such as bcrypt, scrypt or PBKDF2.
- Compare your site’s potential vulnerabilities to the OWASP Top Ten security risks, especially potential password vulnerabilities associated with broken authentication and session management.
- Finally, protect your password database, network and servers with layered defenses.
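The following is an added example (not code from the original article) showing the storage advice above in working form: a fresh random salt per password, many iterations of a recognized algorithm (PBKDF2-HMAC-SHA256 from Python's standard library), and a constant-time comparison when verifying. The iteration count, salt length and record format are assumptions made for the example; a single unsalted hash is included only to show why it is a poor choice.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Parameters chosen for this example (assumptions, not values from the article).
# Raise ITERATIONS over time as hardware gets faster.
HASH_NAME = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def naive_hash(password: str) -> str:
    """The anti-pattern: one unsalted hash. Equal passwords give equal hashes,
    so a leaked table can be attacked with precomputed (rainbow) tables."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<salt>$<digest>.

    Storing the algorithm and iteration count alongside the digest lets the
    site raise the work factor later without invalidating existing records.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt for every password
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return "pbkdf2_{}${}${}${}".format(
        HASH_NAME,
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time. Malformed records simply fail verification."""
    try:
        algo, iters, b64salt, b64digest = stored.split("$")
        if not algo.startswith("pbkdf2_"):
            return False
        hash_name = algo[len("pbkdf2_"):]
        iterations = int(iters)
        salt = base64.b64decode(b64salt)
        expected = base64.b64decode(b64digest)
    except (ValueError, TypeError):
        return False
    candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Two users picking the same password: the naive scheme exposes that fact,
    # the salted, iterated scheme does not.
    pw = "correct horse battery staple"
    print("naive equal:", naive_hash(pw) == naive_hash(pw))
    record_a, record_b = hash_password(pw), hash_password(pw)
    print("salted equal:", record_a == record_b)
    print("verify good:", verify_password(pw, record_a))
    print("verify bad:", verify_password("wrong password", record_a))
```

Verifying is deliberately driven by the parameters stored in the record, so an operator can increase the iteration count for new or re-hashed passwords while old records keep working until their owners next log in.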