Unsecure passwords = unsecure life

Avid Internet users enjoy the luxury of having everything they need at their fingertips. With one password, they can check bank statements, social media accounts and emails. The password they use to keep all these accounts secure is important because it only takes one malicious user to access someone else’s account to one site due to an insecure password for their entire online presence to be compromised.

Online websites store user passwords in databases three different ways.

Dolan shows the difference between a hashed password and a plain text password.

Dolan shows the difference between a hashed password and a plain text password.

Plain Text

The first and least secure way is plain text, which essentially means the website keeps a table of user names and passwords some where with little to no protection from malicious users.

Encryption

The second form of password storing is encryption. With encryption websites randomly jumble passwords, so that if a malicious user finds it in the site’s database it doesn’t look like a user’s original password. “Encryption is closely related to the word decryption. Anything that can be encrypted can be decrypted, i.e. someone can hack your password,” says Nicholas Dolan, a computer science sophomore.

Hashing

The safest way for a website to store passwords is through hashing. “When you hash a password, you can never get back to the original. Its like taking a password, putting a bomb inside of it, lighting the fuse and when the bomb blows up… they scrape up the ashes and they just kind of smear it in the data base,” says Dolan.

The way to figure out if your password is being protected properly is by using the Forgot My Password function on a site. If a website emails you your password, they are most likely storing it through plain text or encryption, which is not the safest. If the site makes you reset your password, this implies that they may be hashing it.

Using the same password, especially unsecure passwords, for multiple sites is also an issue. If one uses the same password for Chase.com as they do for Examplesite.com, and his or her account is compromised on Examplesite.com, a malicious user now has the password to that person’s bank account.

Not only can careless websites and repeat passwords raise serious security issues, but cell phones can as well.

“People have a choice between choosing something secure and something easy and cell phones are all about quick and easy,” says Assistant computer Science Professor, Dr. John Burris. Cell phone users are notorious for choosing obvious, easy passwords like 0000, 1234, 9999, or the numbers right down the middle … 2580. With easy passwords like that, a cell phone can easily be hacked into.

Because most users personalize their cell phones in everyway possible, email accounts pop up with the click of an app, as well other accounts like Google Wallet, Amazon, Facebook and Twitter. Access to one’s phone can mean access to one’s entire life. Making it easy for malicious users to change to the logins to important accounts dealing with money or open up new credit cards accounts without the originally users ever knowing.

The effects of this are long term. 20 years down the line, a person may still be trying to fix their credit score due to having an unsecure password.

Longer passwords with little relevance to you and random, unexpected characters throughout make for the safest passwords. Swap of the 4 digit cell phones for an alphabet password or finger print password. Double and triple check all online sites for secure password storing and don’t use the same password for everything.

 

Student Nicholls Dolan gives more tips on how to create a secure password.

 

Share Button