Password Security and Hackers

  • strict warning: Only variables should be assigned by reference in /courses/i202/public_html/f12/includes/ : eval()'d code on line 1.
  • strict warning: Only variables should be assigned by reference in /courses/i202/public_html/f12/includes/ : eval()'d code on line 1.
  • strict warning: Non-static method view::load() should not be called statically in /courses/i202/public_html/f12/sites/all/modules/views/views.module on line 879.
  • strict warning: Declaration of views_handler_argument::init() should be compatible with views_handler::init(&$view, $options) in /courses/i202/public_html/f12/sites/all/modules/views/handlers/ on line 745.
  • strict warning: Declaration of views_handler_filter::options_validate() should be compatible with views_handler::options_validate($form, &$form_state) in /courses/i202/public_html/f12/sites/all/modules/views/handlers/ on line 589.
  • strict warning: Declaration of views_handler_filter::options_submit() should be compatible with views_handler::options_submit($form, &$form_state) in /courses/i202/public_html/f12/sites/all/modules/views/handlers/ on line 589.
  • strict warning: Declaration of views_handler_filter_boolean_operator::value_validate() should be compatible with views_handler_filter::value_validate($form, &$form_state) in /courses/i202/public_html/f12/sites/all/modules/views/handlers/ on line 149.
  • strict warning: Declaration of views_plugin_row::options_validate() should be compatible with views_plugin::options_validate(&$form, &$form_state) in /courses/i202/public_html/f12/sites/all/modules/views/plugins/ on line 135.
  • strict warning: Declaration of views_plugin_row::options_submit() should be compatible with views_plugin::options_submit(&$form, &$form_state) in /courses/i202/public_html/f12/sites/all/modules/views/plugins/ on line 135.
  • strict warning: Only variables should be assigned by reference in /courses/i202/public_html/f12/sites/all/modules/social_media/social_media.module on line 248.

This Ars Technica article about password security has numerous examples of leaked passwords hashes (essentially an encrypted version of your website password), both historically and recently--a good example would be the LinkedIn breach in June this year. In this article, the passwords and the hashes they generate are the information being organized.

In addition to storing the hash values and matching them to user accounts, online businesses need systems to manage the algorithm that encrypts users' passwords. The organization and retrieval of these values must be maintained 24/7; failure or inability to do so would result in inaccessible services and unhappy customers. For large companies such as LinkedIn, this amounts to millions of hashes (LinkedIn has more than 175 million users), yet speedy authentication is needed when a single user signs in. Physical servers are necessary to manage the data, and in turn, employees are hired to manage and maintain the software and servers. Companies dedicated to computer security need to track the actions of hackers, and if at all possible, stay ahead of them by designing and implementing more complex security methods. These can include additional authentication questions or 2-factor identification methods (e.g., OTP), which add security, but also means more information management systems.

Individual end-users need to organize their own password information from each site on which they have an account, in order to access the provided services. Each user has their own personal system of organization, varying from easy to remember methods such as reusing passwords (which lessens security if a password used multiple times is compromised) or using simple ones, to more complex, third-party systems such as password manager software. In order to use 2-factor identification, users are required to obtain and update software on other devices such as a cell phone or a USB key. 

Though their activities are often outside of the law, the hackers, operating both alone and in groups, also have massive amounts of information to manage. For them, the data requiring organization are the dictionaries and cracked password lists, which collectively allow hackers to ignore hashes that are easy to solve (i.e., direct pattern recognition) and concentrate on decrypting stronger passwords. An effective hacker would be aware of new leaked password hashes, and add to his or her collection with each successive breach. Hackers also have to manage their hardware and their password cracking algorithms (including widely available software), which can all be upgraded for faster computation.