Risks associated with plain text passwords
Today's blog post is about why storing passwords in plain text is a bad practice. We will identify the vulnerabilities associated with this type of password management. This is the pilot post in a series of blog postings on ethical and secure authentication systems.
How user authentication travels
To be able to identify the risks and threats associated with plain text passwords, we need a little background on how a password travels from a client application (web, desktop or mobile) to the server. The diagram below describes the typical flow a client application uses to verify a user's authentication data.
The diagram above shows how most authentication systems are implemented. The steps in this authentication process are listed below:
- Password is provided by the user to the client application
- Client application sends authentication data to the network gateway
- From the network gateway, the authentication data is sent to the web server
- The web server sends the authentication data to the database server
- If password validation during login happens on the web server, the authentication data travels from the database back to the web server again
The need to validate user passwords introduces security vulnerabilities at several layers of an application. Below is a list of security issues that arise when an application stores and validates authentication data in plain text.
- Authentication data is vulnerable to man-in-the-middle (MITM) attacks while in transit.
- Authentication data stored on a database server is vulnerable to insider threats. Most stolen authentication data on the black market originates from disgruntled company employees.
- Unaware developers pull passwords from the database and compare them on the server side. Sometimes they even expose them in JSON responses.
Password Best Practices
With all the security issues associated with plain text passwords, I strongly suggest the following password management practices to reduce the risk of your website being attacked and compromised.
- Implement and enforce SSL connections to your web server. (This does not eliminate all threats, but it does decrease the likelihood of an attack.)
- Stop pulling authentication data from the database server to the web server. Password validation should ideally occur on your database server.
- Do not encrypt passwords. Anything encrypted can be decrypted. (I will be writing a blog post about this.)
- Use cryptographic hash functions on your passwords to discourage brute force attacks.
- Incorporate cryptographic salting into your hashing algorithm to deter rainbow table attacks.
- DO NOT STORE PLAIN TEXT PASSWORDS IN DATA STORES
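As an added example (not code from the original post), here is one way to apply the last three practices in Python: the store keeps only a per-user random salt and a PBKDF2 hash, never the password, and verification recomputes the hash in constant time. The in-memory USERS store and the register, verify and stored_value names are assumptions for this illustration.

```python
import hashlib
import hmac
import os

# Constructed in-memory store for this example: username -> (salt, hash).
# A real application keeps this in its database; the point is that the
# password itself is never written anywhere.
USERS = {}

ITERATIONS = 200_000  # PBKDF2 iteration count; raise it as hardware gets faster


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a salted, iterated PBKDF2-HMAC-SHA256 digest from the password.

    The iterations make each guess expensive, which is what makes brute
    force attacks against a stolen table slow.
    """
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    """Store only a fresh random salt and the salted hash, never the password."""
    salt = os.urandom(16)  # per-user salt defeats precomputed rainbow tables
    USERS[username] = (salt, hash_password(password, salt))


def verify(username: str, password: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    record = USERS.get(username)
    if record is None:
        # Do the same work for unknown users so response time does not
        # reveal whether an account exists.
        hash_password(password, b"\x00" * 16)
        return False
    salt, stored = record
    return hmac.compare_digest(stored, hash_password(password, salt))


def stored_value(username: str) -> bytes:
    """What actually sits in the data store for a user: salt followed by hash."""
    salt, digest = USERS[username]
    return salt + digest


if __name__ == "__main__":
    register("alice", "correct horse battery staple")
    register("bob", "correct horse battery staple")  # same password as alice
    assert verify("alice", "correct horse battery staple")
    assert not verify("alice", "wrong password")
    # Identical passwords produce different stored values because the salts differ.
    assert stored_value("alice") != stored_value("bob")
    print("stored for alice:", stored_value("alice").hex())
```

Even if the whole USERS table leaks, an attacker holds only salts and iterated hashes, so the same password reused by two users cannot be spotted by comparing rows.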