Storing Passwords

More often than not I see big errors in how passwords are stored in databases. Because of that I decided to make a little series about passwords and how to handle them. In this first installment I will go over the two biggest errors you can make as far as password storage is concerned.

Definitely the worst thing to do is to store plain-text passwords in the database. This is just unacceptable. If anyone gains access to your database, all your users are compromised. Since most users tend to use the same password for multiple purposes and web sites, compromising the password for some internal application could also mean compromising the password for an Amazon or PayPal account.

Almost as bad is storing passwords using reversible encryption (DES, AES or similar two-way algorithms). While the data looks properly encrypted, it is still possible to get the original password back: the decryption key has to be available to the application, and if your program can get to the password, so can somebody else. Always assume the worst.

For storing passwords you MUST use irreversible encryption, i.e. a one-way hash. Against properly hashed passwords the bad guys must resort to dictionary and brute-force attacks. Losing hashed passwords is still not desirable, but at least you buy some time.
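As an added example (not code from the original post), here is what "irreversible" storage looks like in practice: a Python routine that stores a password as a one-way PBKDF2 hash and verifies a login attempt by recomputing the hash rather than ever decrypting anything. It goes one step beyond the post's text by adding a random per-password salt and a high iteration count, which are the standard ways to make the dictionary and brute-force attacks mentioned above slower; the record format and parameter values are my own assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters (not from the post): PBKDF2-HMAC-SHA256, a random
# 16-byte salt per password, and an iteration count that makes each
# guess cost noticeable CPU time for an attacker running a dictionary.
HASH_NAME = "sha256"
ITERATIONS = 200_000
SALT_BYTES = 16


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<salt hex>$<hash hex>.

    Storing the salt and iteration count beside the hash lets the
    verifier recompute it later and lets you raise the cost over time.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh salt: equal passwords get different records
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the hash from the stored salt/iterations and compare in constant time.

    Nothing is decrypted: the stored value alone does not reveal the password.
    """
    try:
        algo, iter_s, salt_hex, hash_hex = record.split("$")
        if not algo.startswith("pbkdf2_"):
            return False  # unknown or malformed record, treat as no match
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
        hash_name = algo[len("pbkdf2_"):]
        candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, iterations)
    except ValueError:
        return False  # bad integer, bad hex, or unsupported hash name
    # compare_digest avoids leaking how many bytes matched through timing
    return hmac.compare_digest(candidate, expected)
```
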