Responses to Ways of Obtaining Passwords
Introduction
Web security concerns have plagued most user accounts for years, yet most people stick around, while new members continue to join these accounts (Aguilar, 2014). In light of the need to protect users digital information, accounts such as Facebook, among others have put in place tighter security measures. Even so, new ways of hacking into these accounts continue to develop. This trend raises the question of how safe are organizations and individuals user accounts. This paper discuses other ways through which user accounts passwords are illegally obtained and ways to secure these passwords. It further comments on two peer posts.
Rainbow Tables
This is a unique approach of obtaining passwords. Rainbow tables work using hash functions that map plaintext to hashes, whereby someone cannot identify a plaintext from its hash (Kestas, 2014). Often, passwords are saved internally in an encrypted form. For instance, a password “bingo, might be stored as “a8ioAsdjool”. Rainbow tables are able to precalculate all such kinds of passwords. They begin with aaaaa and then go all the through to #####. Through a simple look up, one can obtain the original version of encrypted version of the password.
The best way for an organization or individual to secure their passwords from this form of attack is by making longer passwords. A five character password for instance, can fit in a CD. On the contrary, a 64 character password can take longer than a lifetime to precalculate.
Phishing
While phishing is quite difficult, it is commonly used to hack into an account. The most popular type of this option involves the creation of a fake login page (Aguilar, 2014). The fake page can be sent by email to the victim organization or individual, which look exactly like the original login page. When they (victims) log in, all the information is sent to the hacker instead of to the log in page being accessed, for instance Facebooks. Successful operation of this procedure involves the creation of a web hosting account as well as a fake log in page. This is the link sent to the victims email.
Organizations and individuals