How many of us know exactly how users' passwords are stored in your application 🤔

Devanand Premkumar
10 replies
Do you make use of any password hashing algorithms? If yes, what are they?

1. plain text
2. pbkdf2
3. bcrypt
4. scrypt
5. argon2
6. Balloon
7. others
8. Not sure

Let us hear more about your password storage mechanism.

Replies

IT specialist
Is the "plain text" option a decline of hashing algorithm, and should it never be used?
Security Researcher
@jan_mazurek Totally agree with you that plain text should never be used. However, there are still very many applications making use of plaintext passwords. In the event of a data breach, that could potentially turn into a disaster scenario.
I came. I lurked. I commented.
I'm a former KeePass and 1Password user. I now use Bitwarden and am very pleased with both the PC and mobile apps (as well as their Chrome extension). One of the reasons I moved to Bitwarden was its ease of use, with which my wife agreed. Here is Bitwarden's page where they discuss encryption methods as they relate to storing passwords and encrypting a user's 'vault'. https://bitwarden.com/help/artic... [To answer your question: pbkdf2]
Security Researcher
@neadreport That is good to hear. As an end-user having awareness of password storage shows your interest in password security. Cheers
For me, it's the 3rd option, bcrypt.
Security Researcher
@manan_kevadiya bcrypt is also my choice of password storage :)
Co-founder @LoginRadius, #developer
Having passwords one-way hashed is critical to protect accounts. I don't think 'plain text' should be in the options anymore.. :) PBKDF2 with unique salt and iterations is most secure. FYI: list of most commonly used algos: https://www.loginradius.com/docs...
Security Researcher
@dip_ak Oh yes for sure, plain text passwords should never ever be used in any environment for sure. Considering the numerous data breaches hitting the media, it is always advisable to keep super sensitive data like passwords using safe and secure password hashes created exclusively for such.
How about we eliminate passwords! I'm working on a product which will eliminate passwords for everyone. We are soon releasing the API to the public so you can also onboard users hassle-free and without the need to maintain any kind of database for passwords.
Security Researcher
Happy to hear about your upcoming launch. Wishes in advance :) We have been hearing talk about eliminating passwords for quite some time. We need something robust enough to handle all the daily day-to-day requirements. Think about the numerous applications and websites which are dependent on passwords. How do we migrate them to a password-less environment? How do we handle the lost-password requirement for a password-less tool/technique/process? Think big, for this is an opportunity which has the potential to impact more people than we can imagine.