How do you Create a Secure Password?
September 4, 2014
My password is e10adc3949ba59abbe56e057f20f883e.
Passwords are the keys to our digital lives. How can you make sure your password is strong enough to pass security requirements and avoid getting hacked? Read on for pro secrets.
Recently, I stumbled on a YouTube video from Tom Scott, someone whose short, focused videos are easy to watch. This particular video focused on passwords, check it out here. It’s seemingly obvious stuff for me and should be for most developers. But that’s the problem; the world isn’t entirely comprised of developers. (Shocking I know!)
In fact, the majority of people don’t have a clue about most technologies. Admittedly, I have no idea how my car’s engine converts liquid gold (gas) into forward movement, but a trusted mechanic could probably teach me a thing or two. In short, we all have limited knowledge based on our career and life experience, and as developers it’s our job to educate others on proper computer safety.
Hopefully you already have more than one password (if not, check out LastPass, my preferred password manager). As a web development company, we frequently create sites that require user authentication.
Our biggest rule[1] concerning password persistence is that it should never be stored in plaintext. This rule can be met through either a hashing algorithm or an encryption algorithm.
At a very high level, hashing is a set of operations performed on an input that produces a value from which the initial value cannot be recovered by reversing those operations. Encryption, on the other hand, allows the initial value to be retrieved from the result by passing it through a complementary set of operations.
Here’s how you create a secure password using these algorithms:
Simple Hashing Example:
Operation: Sum all digits together
Operation: 1 + 0 + 5 + 9 + 5
Hash Value: 20
Given 20, it’s not possible to define an operation that will return to 10595 with certainty, even knowing that it was generated using a simple addition operation.
Simple Encryption Example:
Encryption Operation: Raise to the power of 4
Encryption Operation: 10595 ^ 4
Encrypted Value: 12600966128700625
Decryption Operation: Take the fourth root of the encrypted value
Decryption Operation: ∜12600966128700625
Decrypted Value: 10595
Knowing that the operation was exponentiation, the encrypted value can be reverse-calculated, and if the specific exponent in use were discovered, every encrypted value could be recovered.
Note: Salting (mixing a unique random value into each password before hashing) is a common practice that limits what a potential hacker learns from one successful attack about the other entries in the system.
Of course, a typical password is rarely interpreted as a series of digits. Instead, a conversion is performed on the value of your password into a numerical equivalent, whether encoding it as the ASCII numeric equivalent or some other mechanism. At the end of the day, it’s all 1s and 0s.
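To make the two toy operations above concrete, and to show what the salting note means in practice, here is an added Python example (not code from the original post). It implements the digit-sum hash and the power-of-4 "encryption" exactly as described, then contrasts a fast unsalted hash (the MD5 on the first line of this post is the unsalted MD5 of "123456", so every user with that password gets the same digest) with a salted, deliberately slow PBKDF2 hash; the 200,000-round work factor is an assumption to tune for your own hardware.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

def digit_sum_hash(n: int) -> int:
    """The post's toy hash: add the decimal digits. Lossy, so it cannot be undone."""
    return sum(int(d) for d in str(n))

def digit_sum_collisions(target: int, upper: int) -> List[int]:
    """All inputs below `upper` that hash to `target`: many candidates, no certainty."""
    return [n for n in range(upper) if digit_sum_hash(n) == target]

def toy_encrypt(n: int) -> int:
    """The post's toy 'encryption': raise to the fourth power (the exponent is the key)."""
    return n ** 4

def toy_decrypt(c: int) -> int:
    """Exact integer fourth root, so anyone who knows the exponent recovers the input."""
    root = round(c ** 0.25)
    while root ** 4 > c:          # repair float rounding in either direction
        root -= 1
    while (root + 1) ** 4 <= c:
        root += 1
    return root

def unsalted_md5(password: str) -> str:
    """Fast, unsalted hash: every user with this password gets the same digest."""
    return hashlib.md5(password.encode()).hexdigest()

PBKDF2_ROUNDS = 200_000  # assumed work factor; raise it as hardware allows

def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, deliberately slow hash. A fresh random salt per user means two users
    with the same password get different digests, and a precomputed table is useless."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt; constant-time compare avoids timing leaks."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    print(digit_sum_hash(10595), len(digit_sum_collisions(20, 100_000)))
    print(toy_encrypt(10595), toy_decrypt(toy_encrypt(10595)))
    salt, digest = hash_password("123456")
    print(verify_password("123456", salt, digest), verify_password("12345", salt, digest))
```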
Our typical approach is to rely on a hashing algorithm unless otherwise required, which has served us and our clients well.
If this was all news to you don’t feel bad, now you’re in the know! Tweet us @GeekHive with any development topics you want to learn more about.
[1]: unwritten rules