Over the past few months I have read a few articles about password security. This seems to have become a popular topic in the programming community. The problem is that most of these articles were written for programmers who understand what a hash and a salt are (no, I am not talking about putting salt on your hash browns). I'm going to attempt to make this a bit easier for everyday users to understand.
First, the security of your password is only as good as the security of the website that is storing it. If the website stores your password as "plain text" - meaning "kitty12" is stored as "kitty12" - then your password is NOT secure. You might ask "how else are they supposed to store it?" The answer is that it should be secured using a hash and salt. Salt is some other text (ideally a combination of text, numbers, and symbols) that is added to your password (it can be added to the beginning or end). The salt is kept hidden so that it is only in the code. With the salt your "kitty12" becomes "kitty12nZ$39!k9". This extra text makes it harder for a hacker to figure out what your actual password is.
Next comes the hash. A hash is kind of like a fingerprint. Like a fingerprint, a hash is unique. There are a variety of methods to generate a hash, some more secure than others. After applying the hash to "kitty12nZ$39!k9" it becomes "e6dbe0e25854ea0829f8f736fa9952ff". The hashed text is what should be stored by the website. Why does it matter how my password is stored? If a hacker gets a hold of a database and your password is stored as "kitty12", they now have the same password you probably used on a dozen other websites. If your password is stored as "e6dbe0e25854ea0829f8f736fa9952ff", it becomes extremely difficult for a hacker to undo the hash and figure out your actual password.
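An added example, not code from this post or from any website it mentions: the fixed-salt scheme described above next to what a site would more typically deploy, a random salt for every user and a deliberately slow hash (PBKDF2). It goes beyond the post's description; the choice of MD5, the iteration count and the function names are assumptions of the example.

```python
import hashlib
import hmac
import os

PAGE_SALT = "nZ$39!k9"   # the fixed salt from the post's "kitty12" example
ITERATIONS = 600_000     # assumed PBKDF2 work factor for this example


def fixed_salt_hash(password: str) -> str:
    """Scheme as the post describes it: one site-wide salt, one fast hash.
    MD5 is an assumption, chosen only to give a 32-hex-digit result."""
    return hashlib.md5((password + PAGE_SALT).encode("utf-8")).hexdigest()


def slow_hash(password: str, salt: bytes) -> bytes:
    """PBKDF2-HMAC-SHA256: each guess costs ITERATIONS hash rounds."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def hash_password(password: str) -> str:
    """Fresh random salt per user; returns 'salt$hash' for the database row."""
    salt = os.urandom(16)
    return salt.hex() + "$" + slow_hash(password, salt).hex()


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = slow_hash(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Two users who picked the same password (constructed sample data).
    # Fixed salt: both rows hold the same value, so cracking one cracks both.
    print(fixed_salt_hash("kitty12") == fixed_salt_hash("kitty12"))
    alice, bob = hash_password("kitty12"), hash_password("kitty12")
    print(alice == bob)                        # per-user salts: rows differ
    print(verify_password("kitty12", alice))   # correct password is accepted
    print(verify_password("kitty13", alice))   # wrong password is rejected
```

Here the salt is stored next to the hash rather than kept in the code; the protection comes from the salt being different for every user and from the hash being slow to compute.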
Many websites will require you to have a minimum password length or use letters, numbers, and symbols. A 6 character password with only letters and numbers can be hacked in about 3 seconds; if you jump up to 8 characters it would take about 4 hours. Once you add symbols your 8 character password could withstand a hacker for about 465 days. My point is that the longer your password and the wider the variety of character types, the more secure your password will be.
Your password should be a minimum of 12 characters and should include lower case, upper case, numbers, and symbols. But that becomes very hard to remember! The best way to have a secure password and be able to remember it is to stop using passWORDs and begin using passPHRASEs. Instead of "kitty12" use a short sentence or phrase such as "I have 12 kitties!" This is now an 18 character password (spaces count as a character), has upper and lower case letters, numbers, symbols, and is easy to remember!
Now that you know how to create a secure password it is time to make sure the websites you use are storing them properly. It would be difficult to figure out if they are doing it properly so we will just check to make sure that they are not doing it wrong. Remember what I said about it not being safe to store passwords as "plain text?" The easiest way to find out if a website is storing your password as plain text is to click on the "I forgot my password" link. Usually they will ask you some pointless personal trivia questions then will send you an email. If the email has a link for you to create a new password then the website might be storing your password properly. If the email gives you your password then they are doing it wrong! If a website can send you your password send them a nasty email and tell them they are jeopardizing your password security and they need to fix it!
If you want to learn more about password security and hashes I would recommend checking out Jeff Atwood's blog Coding Horror. Specifically these articles: You're Probably Storing Passwords Incorrectly and Speed Hashing.
Friday, April 6, 2012
Tuesday, February 23, 2010
Stack Overflow Fanatic
For many months I have wanted the Stack Overflow "Fanatic" Badge and after months of visiting the site, sometimes dozens of times daily, I have finally earned it. There are currently only 653 users with this badge. Check out my profile.
Sunday, February 14, 2010
Sight & Sound Theatre - Joseph
During the fall I finally was able to go down to Lancaster to Sight and Sound Theatres and see In The Beginning only a few weeks before the show closed. Around the same time I started to watch the progress Sight & Sound was making on their new show Joseph. Being a Theatre Design major I love seeing behind the scenes of shows. I am particularly interested in lighting and S&S uses thousands of lighting instruments to illuminate their 300 foot wraparound stage.
Joseph opens on March 6th with shows at 1, 4:15, and 7:30. I didn't think I would be able to make it to the opening show, but thanks to spring break starting the same day as the opening of Joseph I think I might be able to after all.
Labels: in the beginning, Joseph, lighting, sight and sound, theatre
It's Time To Ditch Flash
Every now and then I stumble across yet another website created entirely in Adobe Flash. When building websites or web applications your number one priority should be usability. If a user cannot use your site they will never find the information they are looking for. And if they cannot find what they want from you they will go to your competitor. Flash substantially hurts your site's usability and will likewise hurt your company. Don't get me wrong, Flash has some great uses (although some new technologies are making it obsolete); Flash is great for games and even some applications. But you should not build your entire website in Flash. There are too many problems when a website is completely built in Flash.
When you create a website you want it to be accessible to as many people as possible. When you build a website in HTML or even ASP or PHP (since they are entirely HTML as far as the user's computer is concerned) anyone with a web browser can access your website. If you use JavaScript you may lose a few people who are still running Windows 98, but almost everyone has a JavaScript enabled browser. Flash requires that you have it installed. Many people do have Flash installed, but many may not. Some users may not want (or may not be allowed) to install Flash. These people will go find an alternative source of information, which translates into you losing customers.
Many people do have Flash installed, but Flash has many more usability flaws. Flash can be slow to load. When I go to a website I don't want to wait 10 or 20 seconds for it to load, I want it to load as close to instantaneous as possible. This will cause some users to give up and go elsewhere. It also wastes the user's and your bandwidth. Why put extra strain on your system if it is giving you no benefit? There is no reason to load every part of your site when the user only wants to see one page. This leads me to the next issue.
There is no easy way for a user to bookmark or follow a link to a certain page. Many times users find something they want to send to a friend to check out or just bookmark for later. With a Flash website the user always has to start from your homepage and cannot jump right to the information they are looking for. They may not remember how they navigated to the information the first time so they may never find it again. There are ways around this but many Flash sites don't implement them.
One thing I tend to do a lot is right-click on a link and open it in a new tab. With Flash I can't do that. I have no choice but to follow the link. Now I am on a new page but I may not have an easy way to return to where I started because Flash breaks the back button (unless you implement certain workarounds).
Flash is not search engine friendly. To my knowledge there is no way for a search engine to crawl a Flash site. So you are relying on your keywords and description to get you a decent search ranking. A decade ago this may have been sufficient to get good rankings, but today keywords and a description are practically ignored. Search engines are going to heavily use your page content (among other things) to rank your site and if your page content only consists of Flash you are providing nothing to be ranked.
With JavaScript, Ajax, SVG, SMIL, and other newer technologies you will greatly improve the usability, search-ability, and overall value of your website. So take a little time to learn some newer technologies and ditch Flash; your customers will thank you!
Friday, January 22, 2010
Cool Technologies: AJAX, SVG, XFORMS.
So I have been wanting to learn more JavaScript and how to do Ajax for a long time now. Last semester I finally found some time to play around with enough JavaScript to start to understand it. This was the first time I have ever worked with the DOM. While on winter break I had some free time one night which I decided to spend doing an Ajax tutorial. This was a simple tutorial which used a mouse over to request the time from the server.
Next I decided to add an Ajax feedback form to my website which turned out to be a little more challenging. The server time tutorial did not use any POST variables. I did not realize that with AJAX you had to send the variables. So after a few hours of reading online tutorials I was able to figure it all out.
I really am liking Ajax so far so I wanted to get a book to teach me a bit more. I ordered Building Responsive Web Applications which looks like it will teach me a lot. I have not started it yet since another semester has just begun.
While reading various articles online I came across SVG and XForms. Both look really cool and I can't wait to get some free time to play around with them!
Stack Overflow's Impressive SEO
I am very impressed by Stack Overflow's ability to rank so high in many searches. I searched for my name on Google and the top results for me are Super User, Stack Overflow, Facebook, and MySpace (which I haven't really used in years). Following them all up is my own site. I have been trying for years to get my site to rank high but it can't get much higher as long as I'm active on Stack Overflow.
I realize that search engines will always rank Stack Overflow highly because of the large amount of constantly changing content. At most my site only gets updated a few times a month. But it seems that someone (I think possibly Jeff Atwood) has done a very good job with the SEO of Stack Overflow.
Monday, August 24, 2009
Snow Leopard is Here =)
Apple has finally announced that Snow Leopard will ship on Friday the 28th. Of course that happens to be the day that I leave for Bloomsburg. I will have to wait until I come home on September 4th to give it a try.
My Mac already is pretty fast (much faster than any Windows PC I have ever used) so it is hard to believe that Apple has managed to improve the speed so much. And although I have plenty of extra hard drive space the extra space Snow Leopard will free up is welcomed.