Why You Should Worry Whenever a Service’s Password Database is Leaked

Stefan Mileschin · 2nd September 2013, 07:55

“Our password database was stolen yesterday. But, don’t worry — your passwords are completely safe.” We regularly see statements like this one online, but should we really take these assurances at face value?

The reality is that password database compromises are a concern. However, if you use unique passwords everywhere, you shouldn’t need to worry too much.
How Passwords Should Be Stored

Here’s how passwords should be stored in an ideal world: You create an account and provide a password. Instead of storing the password itself, the service generates a “hash” from the password. This is a unique fingerprint that can’t be reversed. For example, the password “password” may turn into something that looks more like “4jfh75to4sud7gh93247g…”. When you enter your password to log in, the service generates a hash from it and checks if the hash value matches the value stored in the database. At no point does the service ever save your password itself to disk.

http://www.howtogeek.com/171236/why-...ase-is-leaked/

2nd September 2013, 07:55	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 153,541	Why You Should Worry Whenever a Service’s Password Database is Leaked “Our password database was stolen yesterday. But, don’t worry — your passwords are completely safe.” We regularly see statements like this one online, but should we really take these assurances at face value? The reality is that password database compromises are a concern. However, if you use unique passwords everywhere, you shouldn’t need to worry too much. How Passwords Should Be Stored Here’s how passwords should be stored in an ideal world: You create an account and provide a password. Instead of storing the password itself, the service generates a “hash” from the password. This is a unique fingerprint that can’t be reversed. For example, the password “password” may turn into something that looks more like “4jfh75to4sud7gh93247g…”. When you enter your password to log in, the service generates a hash from it and checks if the hash value matches the value stored in the database. At no point does the service ever save your password itself to disk. http://www.howtogeek.com/171236/why-...ase-is-leaked/

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Google Mine service reportedly leaked, lets Google+ friends share real goods	Stefan Mileschin	WebNews	0	24th June 2013 10:52
Don't Worry, She'll Hold Together! - Fans Build Full Scale Millennium Falcon	Stefan Mileschin	WebNews	0	7th December 2012 07:46
Kill the Password?	Stefan Mileschin	WebNews	0	27th November 2012 08:02
Apple: don't worry about hot iPad reports, it's cool	Stefan Mileschin	WebNews	0	21st March 2012 08:02
GPU Processing and Password Cracking	jmke	WebNews	0	10th October 2010 13:53
Download Leaked Windows Vista Service Pack 2 RC	jmke	WebNews	0	23rd February 2009 18:52
Linux PCs: Customer service or lip service?	Sidney	WebNews	0	3rd November 2005 05:10
Gates on Google: What, me worry?	Sidney	WebNews	0	16th September 2005 16:09