Why encrypt user passwords?

database security passwords
17,801

Solution 1

Because, hashing passwords will protect it from attacks from inside the organization. This way people who have access to the database won't know the user's password.

People have a habit of using the same password over and over, and so if your database is accidentally compromised, your organization isn't the one that makes the user's other accounts comprised in other organizations. Now should people do this, no, but they do, and it's a lot easier to hash the passwords, than it is to explain to your customers why someone on the inside got a hold of the passwords and caused damage to several accounts in other systems not related to yours.

If you think that this reason is too exaggerated, you might want to know that it actually happened to Jeff Atwood, Stack Overflow creator. He described how the whole Stack Overflow was compromised in his blog post "I Just Logged In As You: How It Happened".

Edit:

To further answer you question, your other sensitive data should be encrypted as well. A lot of cyber attacts are inside jobs, and I hate to say it, but you have to be paranoid about who can see what information. Anything that you deem sensitive that you don't want people to know unless they are specifically authorized to see that data, should be encrypted in the database. You are right there are times when comparing what can be stolen the password isn't that much of a concern to you. The key is "to you". It is to other people, and should be protected along with the other sensitive data in the system.

Solution 2

What if you have a SQL injection vulnerability, someone steals your database, and uses the usernames, email addresses, and plaintext passwords you have stored to login directly to your users email accounts, bank accounts, etc. Do you really want to take on that liability? Conversely, do YOU really want to take on the responsibility of being able to see your users passwords in plaintext?

Solution 3

Reasons:

  1. If someone (from inside or outside) will steal those passwords and publicly release them, you're doomed, you can instantly close your business.
  2. Some people use the same password for many services. If some "attacker" can access e-mail address and password, the easiest way is to try if that password also works for that e-mail account.

You don't want this happen.

If you can access someone elses e-mail account, you can request sending forgotten password from victim's various services etc.

Solution 4

For internal attacks, if I can remember 5 username/password combos, then go to a public terminal and access those accounts, it's less likely someone will notice the attack than if I used a work machine to directly edit the database or pull out large amounts of data while at work.

And as everyone else pointed out, since we all have a hundred or more places online that all want different passwords... many, many people just use the same password over and over and over again. If the Williams Widget Company loses your name, login, and password, and your bank has the same login and password, and it's tracked back that the Widget Company was who lost your password... there's some muddling of liability there.

Solution 5

Because you don't want to fall into the design trap of sending unencrypted passwords, or thinking you can, since you won't have anything unencrypted to compare against, maybe.

Share:
17,801
Admin
Author by

Admin

Updated on June 14, 2022

Comments

  • Admin
    Admin almost 2 years

    Possible Duplicate:
    Why aren’t original passwords stored?

    Why would one store encrypted user passwords in a database, if the password is the least valuable part of the data? It doesn't seem like it would affect external attacks; setting a limited number of login attempts per day per account would be effective. It doesn't seem like it would affect internal attacks; if someone can access the passwords, they've also got access to the more valuable data in the rest of the database.

    Am I missing something here? Shouldn't the entire database be encrypted using user passwords as a key for the password encryption itself to be effective?

    Combined his post below with his question:

    Ok, I asked the question in a bad way. Let me rephrase this.

    If someone breaks into this system, the fact that they have the user's passwords is one of the least of my concerns. I'll be encrypting passwords but in my humble opinion, the other data in the database is way more valuable. Assume that if an internal attacker has that data, they don't care about the passwords.

    If nothing else in the database is encrypted and everything else in the database is what an attacker actually wants, did encrypting passwords actually solve anything?

  • Spectator6
    Spectator6 almost 14 years
    The question does not ask how passwords should be encrypted. It asks why passwords should be encrypted.
  • sharptooth
    sharptooth almost 14 years
    With encrypted passwords they will only steal the data from this system, but with unencrypted passwords they can reuse passwords and access data on numerous other systems. That's the difference.
  • Spectator6
    Spectator6 almost 14 years
    To add more information to your question, use the comment system or edit your question. Please don't post an answer if it is not an actual answer. Edit: I just noticed you're posting under a different account, if that is even you. It'd be best to log back in with the account you used to post the question so that you can edit your question...
  • Admin
    Admin almost 14 years
    For some reason it logged me out of the previous account and I can't get back in. My anonymousness baffles even me. I've copied down the OpenID hash this time. The system I'm working on stores information which could be used for identity theft. Hence the worry about applying more security to passwords than content.
  • ShinTakezou
    ShinTakezou almost 14 years
    Not only the unencrypted pwd can be reused to access data on other systems, if the user uses the same passw; it can be used to access the very same system. And while the first "get the user-pass attack" could look as an attack and be discovered, next access with user-pass would look "normal" access. And if the "real" attack is not noticed, they can do harm more subtly and "covered"

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

password limitations in SQL Server and MySql
Best way to store password in database
How to securely store database password in Python?
Is it okay that database credentials are stored in plain text?
Preferred Method of Storing Passwords In Database
Is the c++ hash function reasonably safe for passwords?
Determine password expiry date
How to hash a password with SHA512
How to create a login screen
Why not use MD5 for password hashing?