Comments
-
Hashes are not infallible, that's why md5 or sha1 aren't as prevalent nowadays mainly because of the number of collisions that have been found. It's only a matter of time before the same thing happens with sha256 etc. Biometric data isn't much better tbh. The best way to have a secure password nowadays is to use a pass phrase not a word.
-
@Geekology Fingerprints and retinas are already useless anyways when it should do more than buy enough time, some face recognition systems were cracked too.
And the rest is just a question of time.
-
DrEmann2538y
If anyone is using a hash like md5, sha1, sha256, or sha3 for passwords, they should be fired. They're simply too fast. Use a hash built for password hashing.
-
@teganburns it's faster but not better IMO. Password complexity is the key. Even 2factor auth has been bypassed. Use complex pass phrases and change them regularly. That's the only way to keep your data secure.
-
@teganburns and there is the problem, you get notified after they have already gained access. Signing into one account gives you access to all related accounts. All it takes is for them to change your password and you have lost everything. Keeping separate pass-phrases at least ensures that not all accounts can become vulnerable. And remember, pass phrases not passwords. I've worked in cyber security for a few years so I know where vulnerability can be found and what's safe, no matter what new tech or mechanism the safest approach is still pass-phrases, and I'm talking about a good long phrase not just two words.
Related Rants
It's gotten to the point where I am legitimately impressed when I can tell a service is hashing their passwords.
All of these unnecessary complications of "must not have more than 2 of the same character in a row" but "can't be more than 12 characters" requirements make me think that the passwords are being saved in plain text.
Amazon and Dropbox do it right - present the user with an input box and no requirements printed anywhere.
password requirements
passwords
hashing