Passwords are a sensitive and crucial part of an IT system, especially in older systems where logging into a system only required a username and password. Many accounts are compromised due to password leaks, which can happen in several ways, such as brute force attacks or social engineering.
Another method is known as “database dumping,” where an attacker exports the database data. If the system’s passwords are stored in a simple format, they can be easily cracked. Once attackers obtain passwords from one system, they often use them to try logging into other systems, as many people use the same password across different platforms.
In earlier years, there were instances where websites had their databases dumped, and the passwords in the database were stored in plain text, leading to a massive leak of user passwords.
Given the importance of passwords, how can they be stored to ensure they remain secure, even if the database is compromised?
Plain text passwords must never be stored
First and foremost, plain text passwords should never be stored in a database. This practice may have occurred in the early days of the internet, but any developer with a bit of experience knows that storing plain text passwords is absolutely unacceptable.
