Showing posts from August, 2012

How to identify websites with weak password storage

A lot of high-profile hacks have been in the news lately, and various tech journalists are trying to sort out how to fix the rampant problems of weak password selection and weak password storage. While I have technical solutions to both problems, you, the user, are at the mercy of most programmers' whims.

However, there is something you can do about it. Once you know what to look for, you can identify websites that use weak password storage mechanisms behind the scenes. Today, I'll show you how to spot the websites that are storing your password incorrectly so you can contact them and educate them.

There are several common ways that passwords are stored:

- Plain text.
- Encrypted.
- Hashed.
- Salted and hashed.
- 'bcrypt'-style (bcrypt, scrypt, etc.).
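To make the differences between those five schemes concrete, here is an added example (written for this page, not code from the original post) that stores one password under each scheme and reports two things a user can reason about from the outside: whether two users with the same password end up with identical records (the mark of unsalted storage), and how long the stored record is. The function names are hypothetical, the server key and passwords are constructed for the demo, the "encrypted" scheme is a simple HMAC-based stream cipher standing in for whatever single-key encryption a site might use, and PBKDF2-HMAC-SHA256 from the standard library stands in for bcrypt/scrypt so the script runs without third-party packages.

```python
import hashlib
import hmac
import os

# Constructed, illustrative server-wide secret for the "encrypted" scheme.
SERVER_KEY = b"server-wide-secret-key"


def store_plain(password: str) -> bytes:
    # Scheme 1: what you typed is exactly what sits in the database.
    return password.encode()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; stand-in for any real cipher.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def store_encrypted(password: str, nonce=None) -> bytes:
    # Scheme 2: reversible encryption under ONE key. Anyone who obtains the
    # key (an admin, or an attacker with code/config access) gets every
    # password back, which is why recover_encrypted() can exist at all.
    nonce = os.urandom(8) if nonce is None else nonce
    data = password.encode()
    ks = _keystream(SERVER_KEY, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def recover_encrypted(stored: bytes) -> str:
    nonce, ct = stored[:8], stored[8:]
    ks = _keystream(SERVER_KEY, nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks)).decode()


def store_hashed(password: str) -> bytes:
    # Scheme 3: one-way but unsalted. Two users with the same password get the
    # same record, and precomputed tables crack the whole database in bulk.
    return hashlib.sha256(password.encode()).digest()


def store_salted(password: str, salt=None) -> bytes:
    # Scheme 4: a per-user random salt defeats shared precomputation, but one
    # fast SHA-256 still lets an attacker try billions of guesses per second.
    salt = os.urandom(16) if salt is None else salt
    return salt + hashlib.sha256(salt + password.encode()).digest()


def store_slow(password: str, salt=None, iterations: int = 100_000) -> bytes:
    # Scheme 5: bcrypt-style. Salted AND deliberately expensive; the work
    # factor (iterations here) is what makes offline guessing slow.
    salt = os.urandom(16) if salt is None else salt
    return salt + hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_slow(password: str, stored: bytes, iterations: int = 100_000) -> bool:
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(store_slow(password, stored[:16], iterations), stored)


def stored_lengths(password: str) -> dict:
    """Record size per scheme. Only the first two grow with the password:
    a one-way hash is a fixed size no matter what you type, so a site that
    caps password length has no storage reason to do so."""
    return {
        "plain": len(store_plain(password)),
        "encrypted": len(store_encrypted(password)),
        "hashed": len(store_hashed(password)),
        "salted": len(store_salted(password)),
        "slow": len(store_slow(password)),
    }


def same_password_collides(scheme, password: str) -> bool:
    """True when two users choosing the same password get identical records."""
    return scheme(password) == scheme(password)


if __name__ == "__main__":
    for pw in ("hunter2", "correct horse battery staple" * 3):
        print(len(pw), stored_lengths(pw))
    print("plain collides:", same_password_collides(store_plain, "hunter2"))
    print("hashed collides:", same_password_collides(store_hashed, "hunter2"))
    print("salted collides:", same_password_collides(store_salted, "hunter2"))
    print("encrypted is reversible:", recover_encrypted(store_encrypted("hunter2")))
```

Running it shows the plain and encrypted records growing with the password while every hashed record stays the same size, which is the reason a maximum password length on a sign-up form is worth asking a site about.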
If you use a password manager like KeePass, which generates long random passwords, you will run into quite a few websites that reject them because of a maximum password length. That limit is a sign that the site stores passwords in plain text, or possibly encrypted with a single key: a one-way hash is the same size whatever you type, so only a site that keeps the password itself has any reason for a cap. The programmer thought "15 characters is plenty for a password"…