Hashing and Security Part 2

Soumyarup Roy
May 16, 2021

Even though hashing is a fairly secure and reliable way of protecting your passwords, there is still a chance of them being cracked. Of course there are ways to counter this. To be honest, it is not so much prevention as making the work of a hacker harder when deciphering your passwords.

Let’s talk about it:

  1. Rainbow Table:

It is a huge database consisting of common dictionary words and their respective hash codes. For example, one person has chosen the password “captainamerica” and another has chosen the password “captainmarvel”. Now “captain” is a common word that is very likely to be present in the rainbow table. The hacker gets hold of the users’ hash codes and looks for patterns in them. Now both “captainmarvel” and “captainamerica” will have patterns similar to “captain”. From that the hacker might guess the password, given that the Marvel Cinematic Universe is quite popular around the globe. One way to make things harder for the hacker is to append a few arbitrary characters to the password or to capitalise a few of the letters in the middle. The best way is not to use “common words” at all.

How do you prevent this? Salting is the answer. Salting combined with hashing will prevent this. Now, after you have typed in the password “captainmarvel”, and before hashing, the salting process automatically adds a few arbitrary characters which you will not know, so that a unique and unbreakable hash code is formed which will not match any pattern in the rainbow table. This new hash code is registered in the company database. You will be required to type “captainmarvel” every time you want to access your account; the function adds the characters after your password, generates the hash code, matches it against the registered hash codes and opens the account for you.
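The register-and-verify flow described above, as an added example (not code from the original article): a random per-user salt is stored next to a PBKDF2-HMAC-SHA256 hash, and login re-applies that stored salt. The record format, the iteration count and the salt length are assumptions chosen for this example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example: PBKDF2-HMAC-SHA256 with a 16-byte salt.
ITERATIONS = 600_000
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password. The same input always gives the same
    digest, which is exactly what a precomputed (rainbow) table relies on."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def register(password: str, salt: Optional[bytes] = None) -> str:
    """Build the record stored in the user database: a random per-user salt
    plus the salted hash, encoded as 'pbkdf2_sha256$iterations$salt$hash'.
    A fixed salt may be passed in only to make the example reproducible."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Login check: re-apply the salt kept in the record to the typed password
    and compare against the stored hash in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Two users who happen to pick the same password get different records.
    a = register("captainmarvel")
    b = register("captainmarvel")
    print(unsalted_hash("captainmarvel") == unsalted_hash("captainmarvel"))  # True
    print(a.split("$")[3] == b.split("$")[3])  # False: different salts
    print(verify("captainmarvel", a), verify("captainamerica", a))  # True False
```

Because the salt is stored with the record, the user only ever types the password; the server, not the user, supplies the extra characters.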

Two-step verification is another process to enhance the security of your account. For example, whenever an unauthorised user signs into a Gmail account from a different device, a mail is triggered to the user asking them to confirm whether it was they who were signing in.
