How to store passwords

0 votes
For my application, I need to securely store user passwords. What are the best practices for securely storing passwords in a database to protect against attacks? Should I use specific hashing algorithms or libraries to ensure password security?

Guidance on implementing password storage securely would be greatly appreciated, especially with details on encryption and hashing.
Nov 13 in Cyber Security & Ethical Hacking by Anupam
• 5,390 points
29 views

1 answer to this question.

0 votes

Passwords must be stored safely to prevent unwanted access to user accounts. To protect passwords in your database, adhere to these best practices:

1. Hashing

Use a password hashing algorithm: Don't store raw passwords; instead, store hashed versions.

Choose a suitable algorithm:

  • Recommended: Bcrypt, PBKDF2, or Argon2.
  • Acceptable: If Argon2 is not practical, Scrypt is acceptable.
  • Avoid: MD5, SHA-1, and SHA-256.

2. Hashing Configuration

Salt:

  • For every password, use a different salt that is generated at random.
  • Keep the hashed password and the salt together.

Iterations/Work Factor:

  • To slow down the hashing process and increase its resistance to brute-force attacks, increase the number of iterations.
  • Strike a balance between performance and security.

Key Size:

  • Use a key size that is appropriate for the selected algorithm, such as 128 bits or greater.

3. Storage

  • Store the hashed password and salt in a single, indexed column.
  • Use a secure database with access controls, backups, and regular security updates.

4. Verification

When verifying a password:

  • Retrieve the stored hashed password and salt.
  • Hash the provided password using the same algorithm, salt, and configuration.
  • Compare the resulting hash with the stored hash.

5. Additional Security Measures

Implement password policies:

  • Password length and complexity requirements.
  • Expiration and rotation policies.

Use additional security features:

  • Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA).
  • Rate limiting and IP blocking for brute-force protection.
answered Nov 13 by CaLLmeDaDDY
• 6,540 points
