It appears that Monster.com has been hacked again, with all 4.5 million users of the website affected. They’ve been advising their users to change their passwords, so it appears that they’ve made the mistake of storing passwords in plain text.
As Coding Horror says, you’re probably storing passwords incorrectly, and the post offers the following advice:
In summary, if we’re storing passwords, we’re probably storing those passwords incorrectly. If it isn’t obvious by now, cryptography is hard, and the odds of us getting it right on our own are basically nil. That’s why we should rely on existing frameworks, and the advice of experts like Thomas. What higher praise is there than that of praise from your sworn enemy?
- Do not invent your own “clever” password storage scheme. I know, you’re smart, and you grok this crypto stuff. But through this door lies madness– and abominations like LMHash that have ongoing, worldwide security ramifications we’re still dealing with today. Take advantage of whatever password storage tools your framework provides, as they’re likely to be a heck of a lot better tested and more battle-proven than any crazy scheme you and your team can come up with on your own. Security vulnerabilities, unlike functionality bugs in your application, run deep and silent. They can lay dormant for years.
- Never store passwords as plaintext. This feels like security 101 and is completely obvious in retrospect. But not everyone knows what you know — just ask Reddit. Store the hashes, never the actual passwords. Educate your fellow developers.
- Add a long, unique random salt to each password you store. The point of a salt (or nonce, if you prefer) is to make each password unique and long enough that brute force attacks are a waste of time. So, the user’s password, instead of being stored as the hash of “myspace1”, ends up being stored as the hash of 128 characters of random unicode string + “myspace1”. You’re now completely immune to rainbow table attacks.
- Use a cryptographically secure hash. I think Thomas hates MD5 so very much it makes him seem a little crazier than he actually is. But he’s right. MD5 is vulnerable. Why pick anything remotely vulnerable, when you don’t have to? SHA-2 or Bcrypt would be a better choice.
I’m sure we’re all guilty of building systems where we’ve stored passwords in plain text, but this is definitely something we need to stop doing. With ASP.NET, there’s lots of useful crypto functionality built in, and there’s no excuse not to store passwords as salted hashes instead of plain text.
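As an added illustration (not code from this post, from Coding Horror, or from ASP.NET), here is a minimal salted password store using only Python’s standard library: PBKDF2-HMAC-SHA256, a SHA-2 based, deliberately slow derivation (bcrypt would serve equally well but is not in the standard library). The iteration count, salt length and the record format are choices made for this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work factor for PBKDF2-HMAC-SHA256: a slow derivation makes guessing
# expensive for an attacker holding the database. Value chosen for this example.
ITERATIONS = 100_000
SALT_BYTES = 16  # 128 bits of randomness per stored password


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$hash (hex fields)."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh, unique salt for every password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the stored salt and compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = record.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never treat as a match
    if algorithm != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    # compare_digest does not short-circuit on the first differing byte.
    return hmac.compare_digest(candidate, expected)


def demo() -> Tuple[bool, bool, bool]:
    """Two users with the same password get different records; only the right password verifies."""
    alice = hash_password("myspace1")
    bob = hash_password("myspace1")
    distinct_records = alice != bob  # per-user salt defeats precomputed (rainbow) tables
    correct = verify_password("myspace1", alice)
    wrong = verify_password("myspace2", alice)
    return distinct_records, correct, wrong


if __name__ == "__main__":
    print(demo())  # (True, True, False)
```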
From a user perspective, it’s also becoming increasingly important not to reuse the same password, or even tiered passwords, across web-based systems, since the compromise of one badly designed system can cause lots of problems and take lots of time and effort to resolve.
As it’s impossible to remember all those different passwords, there are lots of good password managers out there to help. KeePass is a good one, but doesn’t integrate with your web browser, which can involve lots of alt+tabbing between windows to copy and paste passwords. It’s got a form filler feature, but I’ve found it doesn’t work that well for me.
There’s also Roboform, which integrates directly with the browser. The free version is a bit limited, but the pro version is inexpensive at $29.95.
Similar to Roboform, there’s LastPass. This is a free alternative, and installs toolbars into Firefox and Internet Explorer, allowing easy login to websites. Passwords are also synchronized across all devices, making it useful for people using multiple computers (i.e. PC and laptop, work machine, etc.).
For those websites which require users to sign-up for no apparent reason, use bugmenot.com.