How do you Create a Secure Password?

September 4, 2014


My password is e10adc3949ba59abbe56e057f20f883e.

Passwords are the keys to our digital lives. How can you make sure your password is strong enough to pass security requirements and avoid getting hacked? Read on for pro secrets.

Recently, I stumbled on a YouTube video from Tom Scott, someone whose short, focused videos are easy to watch. This particular video focused on passwords, check it out here. It’s seemingly obvious stuff for me and should be for most developers. But that’s the problem; the world isn’t entirely comprised of developers. (Shocking I know!)

In fact, the majority of people don’t have a clue about most technologies. Admittedly, I have no idea how my car’s engine converts liquid gold (gas) into forward movement, but a trusted mechanic could probably teach me a thing or two. In short, we all have limited knowledge based on our career and life experience, and as developers it’s our job to educate others on proper computer safety.

Hopefully, you have more than one password already (if not, check out LastPass, my preferred password manager). As a web development company, we frequently create sites that require user authentication.

Our biggest rule1 concerning password persistence is that it should never be stored in plaintext. This rule can be met through either a hashing algorithm or an encryption algorithm.

At a very high level, hashing is a set of operations performed on an input that produces a value from which the initial value cannot be recovered by running the operations in reverse. Encryption, on the other hand, allows the initial value to be retrieved from the result by passing it through a complementary set of operations.

Here’s how you create a secure password using these algorithms:


Simple Hashing Example:


Input: 10595

Operation: Sum all digits together

Operation: 1 + 0 + 5 + 9 + 5

Hash Value: 20

Given 20, it’s not possible to define an operation that will return to 10595 with certainty, even knowing that it was generated using a simple addition operation.


Simple Encryption Example:


Input: 10595

Encryption Operation: Raise to the power of 4

Encryption Operation: 10595 ^ 4

Encrypted Value: 12600966128700625

Decryption Operation: Take the fourth root of the encrypted value

Decryption Operation: ∜12600966128700625

Decrypted Value: 10595


Knowing that the operation was exponentiation, the encrypted value can be reversed, and if the specific exponent in use (the key) were discovered, every encrypted value in the system could be recovered.
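The two toy schemes above, written out in code as an added example (this is not code from the original post or from GeekHive; the digit-sum "hash" and the power-of-4 "encryption" are the post's own illustrations and are not real algorithms). It shows the asymmetry concretely: many different inputs collapse onto the same hash value, so the hash cannot be undone with certainty, while the encrypted value is recovered exactly by anyone who knows the exponent.

```python
# Added example (not from the original post): the post's toy hash and toy
# encryption in code, to show why one is reversible and the other is not.


def digit_sum_hash(n: int) -> int:
    """Toy hash from the post: sum the decimal digits of n (10595 -> 20)."""
    return sum(int(d) for d in str(abs(n)))


def preimages(hash_value: int, max_value: int) -> list:
    """Every input in [0, max_value] whose digit sum is hash_value.

    Many inputs share one hash value, which is exactly why the hash value
    alone cannot tell you which input produced it.
    """
    return [n for n in range(max_value + 1) if digit_sum_hash(n) == hash_value]


def toy_encrypt(n: int, exponent: int = 4) -> int:
    """Toy 'encryption' from the post: raise the input to a power."""
    return n ** exponent


def toy_decrypt(c: int, exponent: int = 4) -> int:
    """Exact integer root of c: knowing the exponent is enough to undo it.

    A binary search is used instead of c ** 0.25 so that large values are
    recovered exactly rather than as a rounded float.
    """
    lo, hi = 0, c
    while lo < hi:
        mid = (lo + hi) // 2
        if mid ** exponent < c:
            lo = mid + 1
        else:
            hi = mid
    if lo ** exponent != c:
        raise ValueError("value is not an exact %d-th power" % exponent)
    return lo


if __name__ == "__main__":
    print("hash of 10595:", digit_sum_hash(10595))
    # inputs below 10595 that share the hash value 20 (e.g. 992, 1199, 2297, ...)
    print("other inputs hashing to 20:", len(preimages(20, 10595)) - 1)
    c = toy_encrypt(10595)
    print("encrypted:", c, "decrypted:", toy_decrypt(c))
```

Run it and the hash side prints hundreds of inputs below 10595 that all hash to 20, while the encryption side prints 12600966128700625 and then 10595 again.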

Note: Salting (combining each stored password with a random per-entry value before hashing) is a common practice that limits what an attacker learns from one successfully cracked entry about the other entries in the system.

Of course, a typical password is rarely interpreted as a series of digits. Instead, a conversion is performed on the value of your password into a numerical equivalent, whether encoding it as the ASCII numeric equivalent or some other mechanism. At the end of the day, it’s all 1s and 0s.

Our typical approach is to rely on a hashing algorithm unless otherwise required, which has served us and our clients well.
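How the hashing approach, the salting note and the text-to-bytes conversion above fit together in practice, as an added example (not the post's or GeekHive's code, and the format string and iteration count are choices made for this example). It uses only the Python standard library: each password is encoded to bytes, combined with a fresh random salt, and run through a deliberately slow key-derivation function (PBKDF2) so that the stored value is neither the plaintext nor reversible. The `unsalted_md5` helper is included only as the contrast: a fast, unsalted hash of a common password is a fixed fingerprint, which is the joke in the opening line of the post.

```python
# Added example (not from the original post): storing a password as a salted,
# slow hash and verifying a login attempt against the stored value.
import base64
import hashlib
import hmac
import os
from typing import Optional

# Work factor for PBKDF2-HMAC-SHA256; raise it over time as hardware gets faster.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a storable record 'pbkdf2_sha256$<iterations>$<salt>$<digest>'.

    The password text is converted to bytes (UTF-8 here), which is the
    'numerical equivalent' step the post describes. A fresh 16-byte random
    salt is generated per call unless one is supplied explicitly.
    """
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_b64, digest_b64 = parts
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    # compare_digest avoids leaking how many leading bytes matched via timing
    return hmac.compare_digest(candidate, expected)


def unsalted_md5(password: str) -> str:
    """What NOT to do: a fast, unsalted hash is the same for every user with that password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print("stored:", record)
    print("login ok:", verify_password("correct horse battery staple", record))
    print("login ok:", verify_password("wrong password", record))
    # Two users with the same password get different records because of the salt.
    print(hash_password("hunter2") != hash_password("hunter2"))
    print("md5('123456') =", unsalted_md5("123456"))
```

Note that the record stores the salt and the iteration count alongside the digest, so the parameters can be raised for new accounts without invalidating old ones, and verification never needs the plaintext to be stored anywhere.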

If this was all news to you don’t feel bad, now you’re in the know! Tweet us @GeekHive with any development topics you want to learn more about.

1: unwritten rules

Phil Azzi, Developer, GeekHive
