Salt your hash

By Archean · 5 replies
Jun 8, 2012
Post New Reply
  1. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +422

    Linkedin,, eharmony. I have an account with the first 2. This crap has had me reconsider my password strategy. I used to have one master password and just modify it based on the site, that made things easy to remember, and my 'master' password was considered "strong". But if 2 sites get hacked that I have accounts on, then the game is up, you could figure out my password for any site. Sucks.

    Suppose this is a good warning to not put too much info about yourself online, regardless of the site/company/whomever.
  2. Archean

    Archean TechSpot Paladin Topic Starter Posts: 5,690   +96

    +1 on the info about one's self.

    I only use LinkedIn out of these, and I immediately changed password when I read early reports, hopefully no damage was done. On the password, I use different password for each site I regularly visit, so luckily I do not have to change passwords everywhere *phew*.
  3. Leeky

    Leeky TS Evangelist Posts: 3,797   +117

    I use Lastpass, with a very strong master password. This of course relies on you ensuring your systems are kept secure, and frequent changing of the master password, but it works wonderfully.

    Plus it means every login for every site has its own unique and randomly generated password, ensuring that no two logins are compromised should a website get hacked and your password be revealed in plain text to the hackers breaching it.

    It's probably overkill but I change the master password every 7 days, using a seriously long randomly generated, then modified password with special characters, upper and lower case letters and numbers. In the case of LinkedIn I had my password changed in a couple of seconds, and the risk went away.

    Its worth considering as a viable option for password management. I don't use it on my phone's though, as the security risk is increased. I keep the master password written down though, in case of theft of my hardware or something.

    Websites really should be securing passwords as high as possible, with hashes and salts, but as these attacks often prove, this isn't the case. It is up to the individual person to ensure their passwords are strong and secure. People need educating on this, as time and time again we see people using stupidly weak and easily guessed passwords.

    The user needs to reduce the security risk as much as possible, they shouldn't rely on any entity or website to do that for them. It just leads to problems further down the line.

    Another point is email accounts. Once a hacker has the login details its almost game over, as passwords for other services can just be "reset" by the hacker using your own email account. For this reason it's extremely important to enable multiple layers of security to prevent access to others by brute force.

    The problem is education of internet users, well the lack of it. That's what needs to change!
  4. bobcat

    bobcat TechSpot Paladin Posts: 688   +67

    I'd further add that one should not rely on the web in general, for example not use it as backup for important files. Even if passwords don't leak, the site could change policy without warning, disappear or crash with you losing everything.
  5. Benny26

    Benny26 TechSpot Paladin Posts: 1,535   +51

    If that's how you run your online life I would like to know what your policy would be on nuclear launch codes and how to handle the security around those :p

    I myself use the master password technique regarding websites, although I've never ever changed it. With some websites I wouldn't really care if I got hacked; Like Facebook for one, the worst thing someone could do with that is sign me up to Farmville...:eek:
    Leeky likes this.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...