Password Security Best Practices
35 Questions
1 Views

Choose a study mode

Play Quiz
Study Flashcards
Spaced Repetition
Chat to lesson

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

Why is it dangerous for applications to store passwords as plain text?

  • Plain text passwords are difficult to read.
  • Plain text passwords offer better security.
  • Hackers can easily access usernames and passwords if they find the database. (correct)
  • Storing passwords as plain text saves storage space.
  • What is the recommended way to store passwords securely?

  • Using a hash function to convert the password into a unique string. (correct)
  • Storing passwords in plain text in a database.
  • Printing out the passwords and storing them in a safe.
  • Encrypting passwords with a simple algorithm.
  • How does hashing a password differ from storing it as plain text in a database?

  • Storing passwords as plain text is faster than hashing them.
  • Hashed passwords can be easily decrypted by attackers.
  • Hashed passwords provide better security as they are irreversible. (correct)
  • Plain text passwords are shorter in length compared to hashed passwords.
  • Why does the text mention that hashes are a 'one way trip'?

    <p>Once hashed, a password cannot be retrieved back to its original form.</p> Signup and view all the answers

    What happens if an attacker gains access to a database storing plain text passwords?

    <p>The attacker can uncover everyone's usernames and passwords easily.</p> Signup and view all the answers

    What advantage do hashes offer compared to plain text when storing passwords?

    <p>Hashes ensure that each password has a unique representation that cannot be reverted back.</p> Signup and view all the answers

    What kind of attack involves programmatically stepping through every possible combination of a password offline?

    <p>Brute force attack</p> Signup and view all the answers

    What do attackers use in a dictionary attack to try to find passwords?

    <p>Common words from dictionaries</p> Signup and view all the answers

    Which method involves taking advantage of external high-speed processors for password cracking?

    <p>GPU attack</p> Signup and view all the answers

    What is the purpose of a rainbow table in password cracking?

    <p>Quickly searching for passwords based on precomputed hashes</p> Signup and view all the answers

    What type of attack would an attacker be performing if they were trying to match hashes against a list of precomputed hash values?

    <p>Rainbow attack</p> Signup and view all the answers

    What is a common strategy used by attackers during a dictionary attack?

    <p>Performing letter substitutions</p> Signup and view all the answers

    Which type of attack generally leads to an account being locked out due to multiple incorrect password attempts?

    <p>Brute force attack</p> Signup and view all the answers

    '1234' is an example of what kind of password commonly used in weak security scenarios?

    <p>'dictionary' password</p> Signup and view all the answers

    What method do attackers use to find common passwords like 'ninja' or 'dragon' after performing a dictionary attack?

    <p>Search through rainbow tables</p> Signup and view all the answers

    What is the main characteristic of a cryptographic algorithm mentioned in the text?

    <p>It cannot be reversed</p> Signup and view all the answers

    What hashing algorithm is specifically highlighted in the text?

    <p>SHA-256</p> Signup and view all the answers

    Why is it impossible to restore the original password from its hash?

    <p>The original password is not stored within the hash</p> Signup and view all the answers

    What type of attack involves trying some common passwords on multiple accounts?

    <p>Spraying attack</p> Signup and view all the answers

    Why do attackers use spraying attacks instead of brute force attacks?

    <p>To avoid generating alarms and account lockouts</p> Signup and view all the answers

    What is a strong indicator that somebody is attempting unauthorized access to an account?

    <p>Triggering alarms and alerts</p> Signup and view all the answers

    In a brute force attack, what is the method used to determine a password?

    <p>Try every possible combination until a match is found</p> Signup and view all the answers

    How do attackers usually obtain usernames and password hashes from a system?

    <p>Downloading the password file from the system</p> Signup and view all the answers

    What is the purpose of hashing passwords in a system?

    <p>To encrypt passwords for secure storage</p> Signup and view all the answers

    What differentiates a spraying attack from a brute force attack?

    <p>Spraying attack involves trying common passwords, while brute force tries all possible combinations.</p> Signup and view all the answers

    What is the purpose of including a salt when storing passwords?

    <p>To prevent rainbow table attacks</p> Signup and view all the answers

    Why do different rainbow tables need to be created for different applications or operating systems?

    <p>Due to different methods used to create hashes</p> Signup and view all the answers

    What happens if two users have the same password but are using salted hashing?

    <p>The hash stored in the table is different for each user</p> Signup and view all the answers

    What was the significance of 'collection number one' in January 2019?

    <p>It was a large scale data breach compromising millions of accounts</p> Signup and view all the answers

    How does salting passwords impact the effectiveness of pre-built tables like rainbow tables?

    <p>Salting makes rainbow tables ineffective</p> Signup and view all the answers

    What would be the drawback of an attacker when passwords are salted?

    <p>The attacker faces difficulties due to random salts</p> Signup and view all the answers

    How does salting affect identical passwords of different users?

    <p>It converts them to different hashes</p> Signup and view all the answers

    What information does 'haveibeenpwned.com' provide to users?

    <p>'Have I been part of any data breaches' information</p> Signup and view all the answers

    'Collection number one' included over 1.1 billion unique what?

    <p>'Collection number one' emails</p> Signup and view all the answers

    Besides preventing rainbow table attacks, what other reason is mentioned for using salts?

    <p>To differentiate between users with same password</p> Signup and view all the answers

    More Like This

    Use Quizgecko on...
    Browser
    Browser