In an email response to a SecurityWeek inquiry, IT security expert Sorin Mustaca said that the surprising fact is that the 2012 hack of Dropbox didn’t emerge earlier, along with the other mega-breaches. He also notes that the use of the SHA1 hashing algorithm with salting improves the security of these passwords.
“Fortunately, Dropbox was using the SHA 1 hashing algorithm (today this is not considered “strong” anymore) and it was using salting even in 2012 – an operation that many other services don’t do even today. Many are using legacy systems which make use of MD5 without hashing – I guess that the ‘never change a running system’ is still applied literally in many websites,” Mustaca said.
To stay protected, he says, users should create unique passwords for each of the services they use, never reuse passwords, and enable two-factor authentication wherever it is available. Service providers should never store passwords in plain text or encrypted, but should use a strong hashing function with a solid salt.
– Create a unique password for each service you use. Read my free eBook in order to learn how to create unique good passwords and to remember them as well.
– Don’t reuse passwords on multiple websites.
– Enable two-factor authentication whenever available
For service providers:
– Never store passwords in plain text or encrypted – just hashed
– Use a strong hashing function with a solid salt to hash passwords
© Copyright 2016 Sorin Mustaca, All rights Reserved. Written For: Sorin Mustaca on Cybersecurity
Check www.endpoint-cybersecurity.com for seeing the consulting services we offer.
Visit www.itsecuritynews.info for latest security news in English
Besuchen Sie de.itsecuritynews.info für IT Sicherheits News auf Deutsch