This post follows up on the two-minute tech tip I recorded for Episode 255 of the Just the Books podcast. It continues the discussion of website trust and credibility, focusing on the recent LinkedIn password incident and ways to protect passwords.
Earlier this week it was reported and confirmed that a large number of hashed LinkedIn passwords were stolen.
Beyond reminding users to create strong passwords and change them routinely, this has introduced a few new words into the lexicon of many people.
Hashes take an input string and transform it into another string of a pre-determined, fixed length. If the input string is altered, even by one character, the resulting hash will differ. They are often used for password storage, because the site can keep the hash instead of the password itself. Passwords are a secret code used to identify a user and grant access.
- My Seven Tips for Passwords
- LinkedIn’s post on Updating Your Password on LinkedIn and Other Account Security Best Practices
- Twitter Account Hacked? How To Stop The Spam
- Google’s Stay safe online guide to Passwords
- Microsoft’s Guide to Create strong passwords – includes a link to a tool that evaluates a password’s strength.
- Password Meter – another site to determine password strength.
- The Dirty Truth about Web Passwords
Rainbow Tables are lists that let you reverse (“crack”) a hashed password. They are pre-computed for a specific maximum password length and a specific character set. If a password is longer than the rainbow table covers, or includes characters not in the table’s character set, it is immune from attack from that particular table. The links below are pretty math/programming/developer intensive, but perhaps you’ll find them of interest.
- How Rainbow Tables Work – an approachable explanation
- Enough With The Rainbow Tables: What You Need To Know About Secure Password Schemes (2007, for programmers)
- Rainbow Hash Cracking
- Rainbow Table is Dead
Salt is random bits added to a password before it is hashed and stored. Adding these extra characters increases security: two users with the same password end up with different hashes, and a pre-computed table would have to be rebuilt for every salt value, which defeats the rainbow tables described above.
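To make the hashing, rainbow-table and salt discussion above concrete, here is a small added example (my own code, not from the original post or LinkedIn). It assumes a tiny constructed lookup table of three common passwords standing in for a real rainbow table, and it pairs the salt with PBKDF2 (a deliberately slow hash, an assumption beyond the salt-only point the post makes) to show why a salted store cannot be reversed with a table built in advance.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed sample: a three-entry stand-in for a pre-computed table.
# Real rainbow tables cover billions of candidates; the mechanism is the same.
COMMON_PASSWORDS = ["password", "linkedin", "123456"]


def unsalted_hash(password: str) -> str:
    """Plain, unsalted SHA-1: the kind of scheme a rainbow table targets."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Pre-computed once, reused against every unsalted leak: hash -> password.
PRECOMPUTED = {unsalted_hash(p): p for p in COMMON_PASSWORDS}


def reverse_unsalted(stored_hash: str) -> Optional[str]:
    """Look a leaked hash up in the table; None if the table does not cover it."""
    return PRECOMPUTED.get(stored_hash)


def store_salted(password: str, salt: Optional[bytes] = None,
                 iterations: int = 100_000) -> Tuple[bytes, bytes]:
    """Store a password as (salt, digest) using a fresh random per-user salt.

    PBKDF2-HMAC-SHA256 is an assumed choice of slow hash; the salt alone is
    what makes a pre-computed table useless, the iteration count makes
    guessing expensive.
    """
    if salt is None:
        salt = os.urandom(16)  # 128 random bits, unique per stored password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_salted(password: str, salt: bytes, digest: bytes,
                  iterations: int = 100_000) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, digest)


def same_password_same_hash(password: str) -> Tuple[bool, bool]:
    """Two users with the same password: (unsalted hashes equal, salted digests equal)."""
    unsalted_equal = unsalted_hash(password) == unsalted_hash(password)
    _, d1 = store_salted(password)
    _, d2 = store_salted(password)
    return unsalted_equal, d1 == d2


if __name__ == "__main__":
    leaked = unsalted_hash("linkedin")
    print("unsalted leak reversed to:", reverse_unsalted(leaked))
    salt, digest = store_salted("linkedin")
    print("salted digest in table?", reverse_unsalted(digest.hex()) is not None)
    print("verify correct password:", verify_salted("linkedin", salt, digest))
    print("same password, same hash? (unsalted, salted):", same_password_same_hash("linkedin"))
```

Running it shows the unsalted hash of a common password is reversed instantly by the table, while the salted store is not in any table and two users with the same password no longer share a hash; verification still works because the salt is stored next to the digest.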
Password Managers are services that remember your passwords so you don’t have to. They will generate and store unique passwords for you. You just need to recall the master password to open the encrypted database.
- LastPass – this popular tool offers many free features or you can pay for some premium additional services.
- KeePass – is similar to LastPass; the difference is that it is open source. This means that you can have a look at its full source and check whether the encryption algorithms are implemented correctly.