How NOT to Store Passwords! - Computerphile
HTML-код
- Опубликовано: 28 сен 2024
- Security of users' passwords should be at the forefront of every web developer's mind. Tom takes us through the insecure ways in which some websites deal with passwords.
Note: At circa 8mins, the animation does not show how the 'salt' is also stored in the database alongside the username.
Hashing Algorithms and Security: • Hashing Algorithms and...
Security of Data on Disk: • Security of Data on Di...
More from Tom Scott: / enyay and / tomscott
/ computerphile
/ computer_phile
This video was filmed and edited by Sean Riley.
Computerphile is a sister project to Brady Haran's Numberphile. See the full list of Brady's video projects at: bit.ly/bradycha...
"You might be watching this years in the future"
Just remember that nothing you can code is secure against the xkcd approach to password cracking - you find the user and beat it out of them.
IVIaskerade I don't actually know some of my passwords (I only remember how to move my fingers to write them). So that makes it a little harder unless there is a keyboard nearby :)
IVIaskerade They don't call it 'rubber-hose cryptanalysis' for nothing...
frtard I know that, Bahahaha that tactic is just too funny. Lol, I'm not |\/|askerade, by the way XD
I am watching this years in the future, how did he know?
Something else important: The vast majority of hashing algorithms are VERY FAST! They've been designed that way to make document signing easy. So in addition to salting, you also generally want to repeat the hash recursively, for a few thousand rounds, or generally whatever takes 1/10 - 1/4 of a second. The longer you can make it take, the longer it will take an attacker to crack as well.
just have your password 'incorrect' so if you get it wrong it will say " your password is incorrect" and then you will remember
i hate that sites wont let me make a password that has more than 20 caracters and say i cannot use symbols
Always put salt on your hashbrowns.
When aliens attack the Earth and we are all doomed, I want the world leaders to choose this guy to go on TV and explain to everyone why we are screwed.
"You might be watching this years in the future"
Yeah 10 years later, hope this aged well.
There's also 'pepper'. 'Salt' and 'Pepper'. Salt is a known random mutation string unique to the user, then the pepper is another unique mutation string unique to the database itself, but stored SEPARATE from that database, so that it is a secret to the database, with nothing linking the two together in any way.
Websites that refuse to store their own passwords are actually a pet peeve of mine. I don't think you should do that. It forces people to link their account to another identity. Nothing wrong with offering the option, but it shouldn't be required.
Facebook is the worst, BTW, since the identity it links you to is usually your real life identity. And a major part of security online is being anonymous. So even if something does get cracked, it doesn't link directly to you in real life, allowing you the ability to create a new online identity.
I loved the energy of this guy, the spirit of the video, and the explanation. The way he said "You might be watching this years in the future" I liked it (:
Nice video! One more addition: If you are implementing something like this today, try to use a hash algorithm that is not easily parallelizable (like MD5 or SHA-1 is) - graphics cards can crack these quite fast nowadays - and use one that supports a "rounds" parameter - basically a way to make a hash slower (and also make cracking it slower), so that it is possible to easily increase the password strength later when computers get faster, without hogging up your server today for 5 seconds whenever someone logs in. Good choices (as of end of 2013) are PBKDF or BCrypt.
And if you increase the security of an existing website by replacing unsalted (or just SHA-1 salted) hashes with more secure ones, re-hash any old passwords you find when the user logs in (and not only when he changes his password), because at that time you have the cleartext password and can re-hash it. Lots of people will not change their password often and that will put their passwords at higher risk if they are still stored in a more insecure hashed format.
OK, please clarify that last method. You say at 7:45 about the salt "a new second password if you like that goes in the database". But if I understand this correctly, you're storing only the salt and the resulting hash, not the user's password, right? When a user logs back in, you take the password they provide and the stored salt and see if its hash matches the stored hash. Is that correct?
Shit, i just store my passwords in my HTML code!!
"you may be watching this video years into the future" ..... Hi from 2024 my friend! 10 years into the future
ah geez, better change my password to password2 then
safest place to store a password? a piece of paper under your pillow
Dear ComputerPhile, thank you for finding people like this guy who can explain stuffs so well and make you want to learn even more. I don't know much about web security, but with the past videos on the subject, and with this remarkable guy, things are getting clear.
If not already one, he would be a great teacher.
So thank you again for making this video!
In my country there's a debate going on about internet voting in general, and it's seriously considered. Estonia has implemented e-voting and electronic government and is always used as an example of "successful" e-voting system. I've read a bunch of articles proclaiming hashing (alone) as an "unbreakable" way of encrypting data. I'm glad I can see that video too, and compare.
There should also be a mention of key stretching. By re-applying the salt and re-encrypting the hash a large number of times, it becomes linearly more computationally difficult to brute force a collection of password hashes. You can require 1000+ times more computational work per single password attempt. Of course, this means every log-in from a user would also require 1000+ times more work to authenticate.
10 years later and it this video finally prompted me to have a unique password for my email and email only
If the salt is random then there would be no way to compare the two passwords unless the salt is also stored. Isn't stealing all the users passwords and salts the same as stealing their passwords and secret questions then?
watched this while eating food. Usually I watch small funny episodes.
Plan to watch these video every day while eating something. Knowledge is power
Ok, but how do you compare the password once you've added this huge random string to it?
Mmm, salted hash... I should probably take a break from the internet and eat if this video made me hungry...
Hey Brady, I'm glad you put links to the extra videos at the end in the description, since you can't click the ones inside the video frame on a phone.
Keep doing that!
I don't even know why I'm subbed to this channel, I know nothing about computers and I never really grasp what they are talking about on any significant level.
It's a big pity that it wasn't explained more in-depth how salting works. Like how you can used your salted hash to verify someones password.
I looked it up, and the solution is that the salt is also stored in the database and added to the typed-in password every time a login is tried.
So at 8:18 it should have shown an extra field; That of the salt.
Actually, you can store the salt in the same field as your hash. And you also define the hashing function in the hash too. It's a standard format used on Unixes specifically designed to be future proof. It looks like $$$$$
cyphardotcom Thanks for the insight!
Somebody should show this video to the folks at Sony...
This is like saying: "Its hard so don't even try". Actually, you actually DO say that (00:24).
So by that logic, we shouldn't even be programming. Or driving cars. Or playing sports. Or being alive.
Indeed, I say the opposite - TRY. Just learn before you do. It's not even hard to set up secure password storage, if you know how to read, because google returns (approx) 71,500,000 results when you type in "secure password storage".
Of course, knowing anything whatsoever about secure application design, firewalls, encryption, and other super basic internet security concepts is a must. Skilled surgeons are skilled surgeons because they paid attention. Same applies to everything else in life.
I've had websites email me my password when I asked for it...
When a user tries to get into their account with a salted hash system, how does it compared the entered password with the salted and hashed password stored in memory?
I'm now "years into the future" - how amazing!
I still think this is one of the best videos to ever be published by Computerphile.
It always frightens me that so many big names keep screwing this up. I knew about salted hashes and why you'd want to use them 15 years ago (at least). It also always annoys me that I get badgered to add punctuation and numbers and case changes to my passwords, when I already have a more secure procedure. But that's a rant for another day....
from future
still this holds true
Amazing video.
In my opinion, this is the best Computerphile presentor yet.... He is so passionate it's watching :)
Well this episode was fairly entertaining, especially as it has a connection to an event right at the moment of time.
Really really cool, 10/10 want more of that.
Very relevant ten years later. Thanks dude.
And this is why the most secure sites have added 2- or 3-step authentication. Not a guarantee, but an added layer of protection if your password is grabbed from their site or any other!
On the other hand, annoying as hell for the user.
True - it's unfortunate that the higher the level of security, the more complicated it is for the end user. In the end, it comes down to a balance between the two.
Depends on the implemented factor'd authentication. A text message to a cell phone is great as long as you have your cell phone. The "image and question" method that banks use has been proven to be what is called "security theater". It makes the user feel secure, but is actually useless.
As well, 2 factor authentication isn't going to save your password when the database is stolen. It just means that if you chose 'password' as your password and someone stole it, they couldn't login to THAT service. But they could potentially login to your email if you use the same password.
Best practice is to choose a separate password for every service you use. Generate it randomly as secure as possible (mix of letters, numbers, symbols and case). Generate it as long as possible to prevent bruteforce. Store this password securely (either using something like keypass or a service like LastPass - just enable 2 factor authentication for the service and choose a REALLY secure password) and backup to a secured drive or image (Truecrypt is great). Nice thing about the Truecrypt image is you can put it in the 'cloud' (as well as local) and get a little more safety.
If someone steals your password from insecuresite.com, you'll love this in the long run. Just last week I got an email stating a site needed me to reset my password and I just thought "okay, glad I dont have to reset all of them".
Indeed. The simple fact of the matter is that there will always be a trade off between security and convenience. Ideally you would enter your username and password manually each and every time you visit any site, as well as entering a unique code sent to your phone-or some other 2nd-factor authenticator-every time. But that becomes a pain on a regular basis, so people don't want to do it.
I'm watching this years in the future!
So you saying I should change my youtube password from 123456 to 1234567? :P
Interesting that the best approach is what UNIX /etc/passwd files have used since 1988 or 1990 (though with smaller salt).
Also interesting that the method used by repo.org.cz (first and only place I've seen it) which uses ssh keys wasn't mentioned at all. With this method, the password is assigned (or generated) to be a long random string (for security) but the user isn't required to remember it. Instead it is stored locally in a keychain, protected by a the user's local password.
Correct me if I'm wrong but a browser in a vanilla state doesn't have the capability to manage ssh keys on a keychain.
Megatherium
I wouldn't know.
However, I will say that I use a Mac, and the builtin Keychain Access integration with Safari is a pretty good substitute. It still alows users to pick bad passwords, but it's not scary to use a different (and 'strong') password on every website. The only thing nicer would be better (easier) auto creation of passwords. Also, I had to buy an app (which may not be neccessary anymore now that keychains can be stored in iCloud) to sync the passwords to my mobile device.
This makes me think of an even better (and in retrospect, glaringly obvious) system: the one-time passwords that my banks makes me use to access their sites. I have credit card sized hardware to generate them for one bank, and two different apps for access to the two others.
Most webbrowsers support client certificates, haven't seen hardly any site using them for authentification.
Yeah but what if the user loses their private key on their harddrive?
could you elaborate on this repo.org.cz method a bit more? Or perhaps point me to a tutorial?
But if the salt is totally random, and not based on something like the username, then how do you validate the login the next time?
I really like watching Computerphile videos with Tom Scott
He says we know people use method 1 because they send the plaintext password to the user on requestio, but that happens with encryption too. (However, I suspect that many are using plaintext.)
Anyway, his answer isn't quite good enough. Make sure your hash is intentionally slow. We can calculate 200 000 000 MD5sums (which is also partially broken) per second with a good consumer computer. If you use iterated bcrypt, it takes, well, depends on the interations, but if it takes a second, logging in now takes an extra second of server time, but cracking a password takes 1 second * the number of attempts. So don't just use salt and a secure hash. Use salt and SLOW hash. (Probably bcrypt.)
Also, if you do avoid doing this on your own and integrate Google and Facebook logins, please use Persona or something similarly decentralized. I give all my data to Google, but not everyone wants to, and they (and I) probably shouldn't.
Thanks for the two tips man, especially the slow hash one. Also, adding pepper to the slow salted hash would make things better :p
***** Making a slow hash is great if you have an array of servers with decent computational power, but you can basically achieve the same effect by waiting 3 seconds before you validate the password and return the network response. This is assuming you're not worried that anyone is going to hack into your database, which if you're a small operation that doesn't have a lot of servers and doesn't have a lot of internal people looking at your database, you can pretty much guarantee this.
Scott Gartner
I don't think you understand. If it takes a split second to guess at a password, brute force attempts become feasible. Brute force is pretty much the only method hackers use. If you increase the time between attempts to a couple seconds, it will take lifetimes to guess the password.
Scott Gartner How would brute force (meaning generating all the passwords and trying them out probably using some backtracking algorithm) work on websites that block the account after a given number of consecutive fails... let's say 5? Let's say my password was 123456... then the backtracking would try 123451, 123452, 123453, 123454,123455 and then it gets blocked just before trying 123456 which is actually the password. It wouldn't even get to 123451, because it would start with 111111 then 111112 and so on. It would probably get blocked after 111115. Of course this is an extreme example and not all backtracking algorithms necessarily generate stuff in alphabetical order... but I trust you get the point. If you limit the number of consecutive fails, brute force becomes useless.
DarthGhitza The assumption throughout this conversation is that the bad guy has been able to get a copy of your database. The methods we are talking about are intended to be used directly against the database, not via a web application. In fact, the bad guy might get the source code to the application as well, but if the algorithm is truly secure that won't afford him any significant benefit in cracking passwords.
I used to think they had a huge list and they wrote them all down then 7 years later i decided to make my own website and then 1 year later i decide to put it on a Raspberry Pi and never bring it back up
Can anyone explain how the password is verified after it's been salted and hashed? Is the random 'salt' string also stored somewhere for when the user tries to log in again?
I had a great one from a Quality Inn website - not only did it store my password in plain text, but it helpfully displayed it on the screen in my profile when I logged in!
Computerphile is by far one of my favourite RUclips channels!
Keep up the god work!
if a salted hash contains random characters then how is the user authenticated each time? I kind of don't understand how that would work
Jordan Johnson Given that everybody keeps replying with the same thing I assume it's happening to everybody...
Eddie Amaya The salt is always the same, so the algorithm always returns the same hash.
Eddie Amaya The salt could be something like join date or (as mentioned in the video) the username. Just some random string that anyone can see. It doesn't matter if they can because hashing is a kind of one-way encryption. It is simply added to the start of the password prior to hashing. It forces attackers into using a brute force approach as things like rainbow tables become useless, and there are no duplicate hashes in the table :)
bigcheesetaste Username is not random therefore it is not good salt. It helps against some attacks but proper random string is much better.
@Geraint white: Because the combination username/password is more likely to appear elsewhere and has maybe already been precalculated. Hash( salt + password ) can't be precalculated if salt is random and long enough.
When I looked at this problem recently, I found that a current good practice was to repeatedly hash the password + salt something like 10000 times. This code takes something like a second to run, which renders the brute force attack approach that much more difficult. As computers get better, you keep increasing the number of repeats so that the code still takes about a second to run, which isn't all that inconvenient when you log on to a site.
Also, the universal password now must be Password.1, to pass the complexity checks that require 4 types of characters.
8:17 the salt should also be stored in the database
The most interesting thing about this kind of question is how it points out that dissemination of techniques and especially updating of existing methods is actually difficult and a major barrier to improvement. Look into how doctors sometimes take 10 years to learn about a new and improved treatment or knowledge about some medicine. When you go to your doctor and they say you have some problem and there's nothing they can do about it, someone else might have something they can do. of course thinking that also opens the door to scams/pseudoscience.
This is coming from a user's perspective, not a webmaster's perspective, but I use completely insane, nonsequitur, and/or misspelled words, numbers, and special characters, and never use the same password twice for any service. Now, I won't ever remember any of them for dirt, so they're all written down on sticky notes on my desk. Thus, the best thing you can do to crack into my accounts is to break into my house and get past my shotgun. :3
Pyagrl*16 As Scott pointed out: When properly encrypted it is almost impossible to bruteforce passwords. (Impossible in CS security ~= It takes too much effort to break, where effort is some combination of time and money) Most people get hacked by social engeneering, using same passwords on unsafe and safe locations or careless selfies that include notes like yours.
Florian H. Just making sure I follow you -- people have taken selfies with their password sticky notes in the background? Yikes!
Pyagrl*16 You're off to a great start but the sticky-note approach is obviously not a good idea. Look into a password manager like KeePass, which let's you store your passwords in an encrypted file on your computer and is protected by a single master password.
PhishFrye Ah, I've seen those. I've got Password Safe, already, in fact. So you recommend those? Thanks! :-)
Probably should have discussed the significance of middle man attacks and signing up in a secure location (not in public for goodness sake).
I only use dedicated passwords for anything government (particularly education) or from a company (like Adobe) that I don't necessarily trust for security. Whenever I have gotten a password back in plaintext in an email, as a programmer, my heart skip a beat. Only somebody that actually is well educated and or tested in the area of security should be allowed to even touch this sort of thing. Like was mentioned, using some other existing service to log in is so significantly better. If a service like Google is used, and the user signed up for Google in a secure location originally, signing up for a new service using your Google account is just as safe as logging into Google. The more times people sign up for things, the more vulnerable they get.
Great video.
1:48 it's really ironic that a minute earlier he recommended implementing sign in with Facebook (also google and other more secure things but I'm focusing in fb) to let then properly handle storing passwords... because in 2019 it came out that they were storing millions of them in *PLAIN TEXT* 🤦♂️
My god this personalized content thing is going really far, that guy even knew all of my passwords.
I have a question. If you can store the "salt" in the database in plain text, why is basing the "salt" off the username such a bad idea? As long as it's unique, both methods are equivalent. Is there something I'm missing?
This guy is awesome! The way he explains things is really good! I hope we'll see him more often :)
Glad to know that the Hash and Salt method is still considered pretty good practice. Many webshops and forum systems use it.
You should not use just any hash... You should use a time-consuming hash such as bcrypt, otherwise brute forcing will be a problem.
I'm watching it YEARS in the future.
watchin' this 3 years later.
Yesterday someone hacked into my database and stole all the data of my users and now knows all about them. Nobody uses my site anymore, but thanks God I hashed all my passwords so the hacker could not get access to millions of dead accounts.
I... I’m watching this years in the future >->
"Maybe you're watching this years in the future..."
*h e k n o w s*
oh wow this has really good camerawork for 3 years old
It is important to note, that not all hashing algorithms are equally secure. Using MD5, even with salt won't do a good job anymore. It is important to check which hashing algorithms are still considered to be secure. Currently, SHA2 family is fine, SHA1 and MD5 isn't.
Another tip would be to use slow algorithms. SHA512 for example is still fairly fast. A safer way would be to use pkbdf2 or bcrypt to prevent bruteforcing even more.
The most interesting part of this video is when Tom says that the salt need not be hidden. He even says the user could know it.
By using a variable salt it has to be unhidden otherwise you'd never be able to verify the password.
Even if you follow the good (and old) advise and both hash and salt the passwords. It is still possible for a hacker the get the passwords if your website is compromised. The hacker can simply steal the passwords as users log in. Because the passwords are send in clear-text through a SSL tunnel.
If you're not using Google/Facebook etc for logins it's a good idea to learn a proper framework which has an Auth component built in (e.g. Rails (Ruby), Laravel, Symfony (PHP) etc). This performs all the steps needed to store passwords and brings many other benefits.
Another thing to mention re storage is number of iterations of the hash function. It's a good idea to perform quite a few hashes per password - i.e. hash the hash and so on. This makes brute force attacks much more difficult as the attacker will need to hash each password it tries 10, 100, 1000 times to try it. 1000 iterations of MD5 doesn't take too long but will make a brute force attack take 1000 times longer than just 1 iteration. (But if you use a decent framework there's no need to worry about this)
Salted hashed passwords don't take any longer than creating a rainbow table for a given hash, since it's just the password hashed together with a stated salt. It doesn't take until the end of the known universe to calculate, but it does take a lot of time/resources so it's as good as we got. The tradeoff with having OpenID / Facebook type logins is it increases the value of the provider to hackers and it becomes a single point of failure in the system. It probably is still better than keeping salted/hashed passwords in some arbitrary system.
+Computerphile, I agree with everything you said, except that one cannot conclude that if a website can send you the cleartext password in email that they're necessarily storing the password in cleartext since they could be encrypting it. Even if they are encrypting it, it's still a mistake as you said.
All your site and profile security measures are useless if the password is 1234
Develop a password generating scheme, based off things you could look up. So actors and the first movie they where in combined with their long form DOB/DOD/ext. mixed in alternating. Set password hint as name of actor. Done now all you have to do is remember your scheme and lookup info whenever you forget string or use account that doesn't use tokens.
Why would having a random salt stored in the table column 'salt' be any more secure than using the 'username' column? I would have thought that this would be less secure because it is more obvious to use the 'salt' column as a salt than the username.
Using the username as 'salt' prevent the existence of identical hash in your database. However, the username and password hash can be easily found in a rainbow table. For example, my password is 1234 and my username is jhon. It's not hard to find in the rainbow table the hash for jhon1234. The real 'salt' ensures the randomness of generated hash.
Because the username is shorter.
Because if I have md5(mypassword + salt), even if they know the salt part of it, it's still impossible to reverse the md5 hash and get mypassword. Try it here: adamek.biz/md5-generator.php
Because salts are random and usernames are not
Well, SlykeThePhoxenix, it's also impossible to /reverse/ md5("hello"). You have to try the combination or look at a database where you have tried combinations. Also, don't use md5.
Having a universal ID service is not only more secure but also more convenient, and removes the need to sign up to a load of sites with different usernames and passwords
Just to give a little applicable knowledge with this video, people who use PHP should be implementing functions that look something like this.
password = md5(md5(password) + md5(rand(1000000,99999999999))));
Attaching hashed passwords with random hashed values and then rehash the value. Both the random value(salt) + password should be stored in separate locations or separate servers if you can. It's not recommended to use numbers as your salt however but instead use randomly generated text strings. If you feel you must use a more computational friendly salt then use the example above as starting from a low number can create a security weakness against brute force attacks.
If designing a random feature based on any theory of random number/string generating, never use the same variables or functions twice as override and inheritance can interfere with the final result and make the algorithm weaker and sometime predictable.
I'am watching this years in the future.
Last year I went through the whole college application process, I applied to a bunch and had to make accounts for each. One day I forgot my password to one of the colleges, I think it was NJIT, so I clicked on the "forgot password" link. When I checked my email, guess what I received in my mailbox MY PASSWORD IN PLAIN TEXT. What the hell?
Most people store the date of registration in their database as well. You can maybe forge a key that consists of the encrypted password and the encrypted date. It would only be equal if people have the same password and registered on exactly the same date and time, which is highly unlikely. The benefit of this is that you'll avoid dealing with randomness.
I recently read The Cuckoo's Egg which was written in 1989 and highlights a couple of these problems. Shame that people seem to still be making the same mistakes 20 years later!
Salting hashes has been around for years and years, not only that, but common knowledge with any reputable developer. If anyone calls themselves a 'good' developer, has no idea about user security and makes schoolboy errors like this; deserves a good punch in the face.
Which makes the Adobe breach that much more astounding. Adobe's full of probably some of the most talented programmers in the world; how'd they not get that right?
You don't need to know about security to be a good developer. You should just be aware you suck at security stuff and leave that to someone who doesn't; software development is a team effort, after all.
I should add that even if you use salts, hashing with md5 or sha1 is still a bad idea. One should use blowfish or pbkdf2 to derive their hashes - these algorythms are so complicated and slow that it is not feasible to try and brute force them. Also there is an interesting approach to store passwords by _not_ storing them in the same table with the user. For further reading on this one, check this: www.opine.me/all-your-hashes-arent-belong-to-us/
Or to put it more simply: Adobe deserves a good punch in the face.
Salamihawk Just look at acrobat and how often security patches are applied (almost weekly) to that software and realize how good Adobe is at security. Adobe is on a quarterly patch cycle. Flash and Acrobat want to update a lot more frequently than that.
Okay, absolutely brilliant ;) Once again you show class Tom, altho I always preferred adding the encryption layer over the salthash layer whenever I could.
Looking forward for more!
When I first time tried making a web with login - just my experimenting with web - I already started on hashing (MD5) the password, I never did plain-text or encryption.
Nowadays I upgraded to SHA1 plus using salt.
True, not completely random salt, but based on each users data, thus different to everyone.
I had a boss who was born on February 29th (leap year) so EVERYTHING was 0229. His PIN for the alarm, email, ATM, you name it, if it was a four digit PIN, that was it. It was even on his license plate. So easy to log into everything as him. So stupid.
I use (password + salt + userID) then that hash is encrypted with PGP (Using public key) to store the password. Run it through PGP decrypter when logging in, where the private key for PGP is decrypted with PSK (The key is the inputted password hash mentioned above), if the decrypted password hash match the input password hash, they are successful and can login! I also put in optional 2 factor auth, If enabled, the serial for the OTP is used in the hash function. By the way, do a video on 2 factor, both HOTP and TOTP!
I feel smarter now.
The public feel the same to the company which has lost their password no matter if you have done a harder job to encrypt the password by hash or salted hash. So the problem before password leakage is a computer security problem but after password leakage it is rather a PR problem.
Salt & Peppered bcrypt hash with a moderately high duty cycle...
He mentioned that the "salty advice" is the approach nowadays. It looks powerful. How can storing passwords improve in the future?
IMHO, by not using passwords in the first place, but some other sort of input, like a key file for example - a randomly generated file that you must reupload every time you log in. Just a few kilobytes mind you, but that's still data so large that it pales to any password you could ever come up with.
The reason why no one is already using this is that
1) It's seen as very inconvenient for most users (but that may change if services started offering it as an OPTION).
2) you need to keep the file around, which makes your computer an even more delicious target for malware than it already is.
3) if you lose your key file, you can't recover it, and essentially need to use the equivalent of "reset password" every time that happens, and we all know what happens when the recovery information (e.g. your phone or (alternate) email address) is not up to date, and it sucks.
Of course, there's also the option for biometric data, but the problem is checking it. If done by client hardware, it decreases security (attackers will just attack the output of the hardware that goes on the wire, rather than the hardware itself), and if done by server software (after raw data is sent by the hardware), not only does this raise privacy concerns ("What? It's not enough that the NSA has my data, now they literally may have my actual fingerprints associated with it?"), it also raises portability problems (e.g. you use a fingerprint reader that sends data in a different format not supported by the server), and false negatives (the reader doesn't recognize your finger, even though it should).
He left off that using computationally expensive hashing algorithms is the current future. The assumption being that your hash table will be stolen someday. So the goal is to make it computationally difficult to crack the passwords. By using a sufficiently difficult hash it could take days to crack even the password "password".
I love when I can sign in to some random website with google plus, it makes it a thousand times easier to sign up and get going.
I like to use the password incorrect, since if i forget it the page will say "Your password is incorrect".
His passion is to admire.
I am amazed that any website stores plain text passwords - it's just beyond crazy!
A thought I just had for this, what about Hashing and Assaulting: Before you salt the password and feed it through the hashing algorithm, go through and just remove every other bit in the password. That way the bit that's actually going into the hash looks literally nothing like the actual entered password.
rainbow table is not effective when people use salt and with hash
hash usually like MD5 and SHA-256 still used. salt must use big random secure number. if you want to be more secure, you can use bcrypt function similar