How to Encrypt Passwords in your Database/s?
With the ever increasing rate of hacks and attacks, more and more individuals across the web have started realizing the need for keeping their website(s) secure. One of the ways is to implement an password encryption for your database.
Having said that, when building a website that is password protected, it is also important to determine a way to keep the users login details secure from getting in the hands of the attackers.
We hear people saying that they wish to secure their website and the data it includes. But what does the term Secure mean ? One should be aware that the data within the websites database isn’t secure. If the database password falls in the wrong hands, all the measures that you’ve taken for securing your site would all go in-vain.
We come across many users that use some sort of non-standard ciphering software that uses an algorithm that is of no good. Instead, users can opt for a standardized algorithm for example MD-5 or Message Digest Algorithm 5.
This algorithm is popular and is considered even by the experts in the industry. Message Digest Algorithm 5 is a encryption technique that uses a one-way hash algo. The most beneficial benefits of using MD5 encryption is it capability of not allowing anyone to revert an encrypted output to the initial, plain-text input.
Whatever the input be, MD5 would always maps it to the same encrypted value. Hence, assuring the webmasters that the stored passwords would never be disclosed nor accessible to anybody. With this encryption technique, despite if the hacker is able to breach into your database, he would only have the Read permissions and not Write capabilities hence preventing him to make any changes in it.
Though there are certain drawbacks of MD5 encryption as well. One should not consider the technique of MD5 encryption as completely dependable. Incase, the password that you have set isn’t much strong, there are chances that a brute force attack can help the attacker gets to know it. Therefore, it is utmost important for users to have a complex password set for their websites, which too should be changed on a frequent basis.
It’s obvious to have a spontaneous question arising in the minds that, despite knowing these facts, why must we use MD5 encryption ? Then, reasons for it is that, this algorithm is fast, simple and really powerful.
Most website owners do not realise the basic fact that a password encryption would merely be of little use. It would only keep your passwords protects and not your entire website. If your website is poorly coded and loop holes, then an attacker or the hackers can exploit such weaknesses and cause serious damage, which might even be a compromised list of your highly confidential user details.
This can only be avoided if you have a well written/coded website with sufficient information encryption. By doing this, hackers have next to no scope of causing damage. Even if they try to crack the encryption of the password, they would barely achieve success due to the very fact that it requires a lot of time and processing strength to achieve the results as per their expectations.
And, thinking from a hackers perspective, no one can spend so long to try to decrypt a strongly encrypted password. Furthermore, it is important to maintain website and database backups on a regular basis. To understand the procedure to take backup of your database please refer :