Password Security Best Practices

Why is it dangerous for applications to store passwords as plain text?

Plain text passwords are difficult to read.
Plain text passwords offer better security.
Hackers can easily access usernames and passwords if they find the database. (correct)
Storing passwords as plain text saves storage space.

What is the recommended way to store passwords securely?

Using a hash function to convert the password into a unique string. (correct)
Storing passwords in plain text in a database.
Printing out the passwords and storing them in a safe.
Encrypting passwords with a simple algorithm.

How does hashing a password differ from storing it as plain text in a database?

Storing passwords as plain text is faster than hashing them.
Hashed passwords can be easily decrypted by attackers.
Hashed passwords provide better security as they are irreversible. (correct)
Plain text passwords are shorter in length compared to hashed passwords.

Why does the text mention that hashes are a 'one way trip'?

Once hashed, a password cannot be retrieved back to its original form. (C) Signup and view all the answers

What happens if an attacker gains access to a database storing plain text passwords?

The attacker can uncover everyone's usernames and passwords easily. (A) Signup and view all the answers

What advantage do hashes offer compared to plain text when storing passwords?

Hashes ensure that each password has a unique representation that cannot be reverted back. (B) Signup and view all the answers

What kind of attack involves programmatically stepping through every possible combination of a password offline?

Brute force attack (C) Signup and view all the answers

What do attackers use in a dictionary attack to try to find passwords?

Common words from dictionaries (B) Signup and view all the answers

Which method involves taking advantage of external high-speed processors for password cracking?

GPU attack (A) Signup and view all the answers

What is the purpose of a rainbow table in password cracking?

Quickly searching for passwords based on precomputed hashes (D) Signup and view all the answers

What type of attack would an attacker be performing if they were trying to match hashes against a list of precomputed hash values?

Rainbow attack (B) Signup and view all the answers

What is a common strategy used by attackers during a dictionary attack?

Performing letter substitutions (C) Signup and view all the answers

Which type of attack generally leads to an account being locked out due to multiple incorrect password attempts?

Brute force attack (C) Signup and view all the answers

'1234' is an example of what kind of password commonly used in weak security scenarios?

'dictionary' password (B) Signup and view all the answers

What method do attackers use to find common passwords like 'ninja' or 'dragon' after performing a dictionary attack?

Search through rainbow tables (D) Signup and view all the answers

What is the main characteristic of a cryptographic algorithm mentioned in the text?

It cannot be reversed (B) Signup and view all the answers

What hashing algorithm is specifically highlighted in the text?

SHA-256 (B) Signup and view all the answers

Why is it impossible to restore the original password from its hash?

The original password is not stored within the hash (A) Signup and view all the answers

What type of attack involves trying some common passwords on multiple accounts?

Spraying attack (B) Signup and view all the answers

Why do attackers use spraying attacks instead of brute force attacks?

To avoid generating alarms and account lockouts (B) Signup and view all the answers

What is a strong indicator that somebody is attempting unauthorized access to an account?

Triggering alarms and alerts (A) Signup and view all the answers

In a brute force attack, what is the method used to determine a password?

Try every possible combination until a match is found (C) Signup and view all the answers

How do attackers usually obtain usernames and password hashes from a system?

Downloading the password file from the system (C) Signup and view all the answers

What is the purpose of hashing passwords in a system?

To encrypt passwords for secure storage (D) Signup and view all the answers

What differentiates a spraying attack from a brute force attack?

Spraying attack involves trying common passwords, while brute force tries all possible combinations. (A) Signup and view all the answers

What is the purpose of including a salt when storing passwords?

To prevent rainbow table attacks (B) Signup and view all the answers

Why do different rainbow tables need to be created for different applications or operating systems?

Due to different methods used to create hashes (A) Signup and view all the answers

What happens if two users have the same password but are using salted hashing?

The hash stored in the table is different for each user (D) Signup and view all the answers

What was the significance of 'collection number one' in January 2019?

It was a large scale data breach compromising millions of accounts (A) Signup and view all the answers

How does salting passwords impact the effectiveness of pre-built tables like rainbow tables?

Salting makes rainbow tables ineffective (C) Signup and view all the answers

What would be the drawback of an attacker when passwords are salted?

The attacker faces difficulties due to random salts (B) Signup and view all the answers

How does salting affect identical passwords of different users?

It converts them to different hashes (C) Signup and view all the answers

What information does 'haveibeenpwned.com' provide to users?

'Have I been part of any data breaches' information (D) Signup and view all the answers

'Collection number one' included over 1.1 billion unique what?

'Collection number one' emails (D) Signup and view all the answers

Besides preventing rainbow table attacks, what other reason is mentioned for using salts?

To differentiate between users with same password (B) Signup and view all the answers