How can passwords be stored securely in a database?
The issue of storing passwords in a database is one that requires looking closely at data encryption and security protocols that will stop these valuable pieces of data from being hacked or stolen. Experts have come up with some fairly reliable standards for keeping stored passwords in a database more secure.
In addition to principles and strategies for password protection, it helps to promote the use of relatively strong passwords that resist easy guesses by hackers. In addition, engineers and administrators must look at the vulnerability of traffic coming into or out of a database, to prevent different types of password theft.
One fundamental part of password security, in terms of database storage, is called a hash function. A hash function is a complex function that changes a text password into a more complex set of characters by using more complex operations than a familiar mathematical operation such as multiplication. Using hashes and hexadecimal formats can help those who are storing passwords on a database to confuse hackers. Hashes are also used to substitute shorter character strings for longer ones to make data storage and retrieval more efficient.
Another critical aspect of password storage encryption is often called "salt." The principle of salting passwords involves creating additional characters after a text string that are not part of the actual data being stored, but are just useless and insignificant symbols that help to disguise a password. Some refer to salt characters as "noise."
Using complex values and salt, and keeping different types of password keys in strategic places, can help to encrypt the passwords that are stored in a database. Processes for encryption are always evolving, and new technologies could provide additional opportunities for storing valuable data in secure ways. Professionals often use these emerging standards as a reference. For instance, as the technology Pretty Good Privacy (PGP) (which uses hashes) emerged in the early 1990s, it became a standard for encryption.
More Q&As from our experts
- What does the mobile network state mean?
- With more big data solutions moving to the cloud, how will that impact network performance and security?
- What is the difference between cloud computing and web hosting?
- Information Assurance
- Wi-Fi Protected Access
- Wi-Fi Protected Access II
- Port Knocking
- SQL Injection
- Cross Site Scripting
- Access Control List (Microsoft)
- Data Encryption Standard
Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.