Remember this clip from Spaceballs? It may be April 1st, but believe it or not this is still one of the most used passwords.

Each year SplashData compiles a list of the most commonly used worst passwords. 2013 was no better on balance than previous years, which is surprising given all the media coverage surrounding online security these days.

There are several ways a website can store your password:

  1. Plain text: This means passwords are stored in a website’s database in human-readable form. So no matter how good your password is, it won’t make any difference. Most big websites won’t use this method, but you can easily find out if they do by requesting your ‘forgotten’ password. If they email you your actual password, chances are it’s stored in plain text.
  2. Basic password encryption: Involves encrypting a password with a randomly defined key. This key would then need to be used to decrypt your password. This adds a basic level of protection, but it’s likely this key is stored in plain text in the database alongside the passwords.
  3. Hashed passwords: A one-way hash function is applied to the password and only the resulting digest is stored, so the original password cannot be recovered from it directly. However, because the same password always produces the same digest, lookup services can show the original text for some of the more popular/weak passwords, like those listed by SplashData. The most used algorithms are MD5, SHA-1, SHA-256 and SHA-512 (the latter two are part of the SHA-2 family). Weaknesses have been found in MD5 and SHA-1, where two different inputs can produce the same digest.
  4. Hashed passwords + salt: Same method as above, but the password is given some salt, which is a specific string added at a specific point of the password before it is hashed. This gives the stored value extra complexity so it cannot be looked up in predetermined lists of commonly used passwords.
  5. Slow hash: Uses the same hash algorithms as above, but the computation is deliberately slowed down to a configured cost so that during a brute-force attack it takes much longer to work out the raw passwords.
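To show why methods 3, 4 and 5 differ in practice, here is an added example (not code from the original post) that contrasts a plain SHA-256 digest of a weak password with a per-user salted, deliberately slow PBKDF2-HMAC-SHA256 record. The short list of common passwords and the iteration count are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample of the kind of weak passwords that appear on the SplashData list.
COMMON_PASSWORDS = ["123456", "password", "12345", "qwerty", "letmein"]


def unsalted_sha256(password: str) -> str:
    """Method 3: the same password always yields the same digest, on every site."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def lookup_table(passwords) -> dict:
    """Digest -> password map; this is why unsalted digests of popular passwords
    are immediately recognisable by anyone holding such a precomputed list."""
    return {unsalted_sha256(p): p for p in passwords}


def recover_if_common(digest: str, table: dict):
    """Return the password if its unsalted digest is in the table, else None."""
    return table.get(digest)


def make_record(password: str, iterations: int = 200_000) -> dict:
    """Methods 4 + 5: a random 16-byte salt per user and a slow KDF (PBKDF2).
    The iteration count is an illustrative value, not a recommendation."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": dk.hex()}


def verify(password: str, record: dict) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    dk = hashlib.pbkdf2_hmac(
        "sha256",
        password.encode("utf-8"),
        bytes.fromhex(record["salt"]),
        record["iterations"],
    )
    return hmac.compare_digest(dk.hex(), record["hash"])
```

Two users who both choose "12345" get different salted records, so a single precomputed list no longer identifies them, and each guess against a record costs a full PBKDF2 run.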

The key to increasing your online security is to use a different strong password per site, but don’t forget you can protect yourself further by using a different email address per website. Your main email address would remain the same, but you would set up email forwarding from each address to the main one. So if one website were to get hacked, the others would be safer. This would also allow you to keep track of companies selling on your email address. Should a company do so and you’re not happy with it, you are entitled by law to have your email address taken off specific mailing lists.
