
Insecure Password Storage Biggest Mistake In Data Breaches

August 20, 2014

According to a new study published by the Information Commissioner’s Office (ICO), one of the biggest flaws in protecting personal data online, and one that often leads to data breaches, is the insecure storage of passwords. The ICO advises organisations to store passwords using two specific techniques, known as salting and hashing, in order to safeguard them.

Listed as one of the eight common computer security vulnerabilities, insecure password storage is a leading culprit causing data breaches.

What is a Hash Function?

According to the ICO, a hash function is a one-way function which transforms a password into a hash value, often just referred to as the hash. When a first-time user registers with an online service by providing login details and a unique password, the service hashes this password and stores only the resulting hash value.

When the same user returns to the online service and enters their login details with the same password, a fresh hash is calculated and compared with the stored hash. If the two hashes match, the user is accepted as genuine.

The report emphasised hashing passwords in order to thwart attacks, since attackers cannot directly work out the actual passwords even if they manage to get a list of the stored hashes or know which hash function was used.

However, hashing alone does not stop an attacker who has obtained a list of hashes from guessing the passwords behind them, which is why the ICO recommends an additional technique, known as salting, to further safeguard against password cracking attacks.

Every user is given a string of random data unique to that user, known as a salt. The salt is combined with the user’s password, and the result is hashed. The hash and the salt are stored alongside each other in the database. When a user enters their login details, the stored salt and the password they supplied are combined and hashed again, and the result is compared with the stored hash.
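The registration and login flow described above, as an added example that is not taken from the ICO report or from this article. It assumes PBKDF2-HMAC-SHA256 as the hash function (the article names none), an in-memory dict standing in for the database, and the hypothetical helper names `hash_password`, `register` and `verify`.

```python
import hashlib
import hmac
import os

# Assumptions, not from the article: PBKDF2-HMAC-SHA256 and this work factor.
ITERATIONS = 600_000  # deliberately slow; raise it as attacker hardware improves
SALT_BYTES = 16


def hash_password(password: str, salt: bytes, iterations: int) -> bytes:
    """Combine salt and password, then hash the result."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def register(db: dict, username: str, password: str) -> None:
    """Store only the salt and the hash for a new user, never the password."""
    if username in db:
        raise ValueError("user already exists")
    salt = os.urandom(SALT_BYTES)  # random and unique per user
    db[username] = {
        "salt": salt,
        "iterations": ITERATIONS,  # kept per record so it can be raised later
        "hash": hash_password(password, salt, ITERATIONS),
    }


def verify(db: dict, username: str, password: str) -> bool:
    """Re-hash the supplied password with the stored salt and compare."""
    record = db.get(username)
    if record is None:
        # Unknown user: do the same work so response time does not
        # reveal whether the account exists.
        hash_password(password, b"\x00" * SALT_BYTES, ITERATIONS)
        return False
    candidate = hash_password(password, record["salt"], record["iterations"])
    # Constant-time comparison of the fresh hash with the stored one.
    return hmac.compare_digest(candidate, record["hash"])


def demo() -> dict:
    """Constructed sample data: two users who chose the same password."""
    db: dict = {}
    register(db, "alice", "correct horse battery staple")
    register(db, "bob", "correct horse battery staple")
    return db


if __name__ == "__main__":
    db = demo()
    print("same password, same hash?", db["alice"]["hash"] == db["bob"]["hash"])
    print("alice, right password:", verify(db, "alice", "correct horse battery staple"))
    print("alice, wrong password:", verify(db, "alice", "letmein"))
```

Because each user has their own salt, the two identical passwords produce different stored hashes, so one precomputed list of guesses cannot be checked against every account at once.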

Why is it important?

It is important that organisations and businesses become increasingly aware of technological advancements in document protection and security, such as hashing and salting, to further protect their password-protected files.

In addition to these methods, organisations must look ahead to future methods of protecting their data. This is because, as hashing and salting become more common and more widely deployed, hackers might attempt to calculate hashes and retrieve passwords faster with more powerful computing. The ICO also outlines the need for establishments to have a substantial and robust security architecture to protect against unlawful breaches of private data.

The ICO report, which examines data breaches on a regular basis, further revealed that while a number of businesses are taking PDF security and document protection seriously, a large number of organisations are failing at the basics. It is important that businesses invest in established industry practices that can help spare them the financial and reputational damage connected to serious data security attacks.

By investing in award-winning document protection software such as LockLizard, companies can save valuable data from unauthorised usage or misuse by knowing who can view such documents and how they can be used. The PDF DRM from LockLizard offers document protection by preventing the copying of sensitive information, printing or limiting the number of prints, modifying the original document, sharing and saving of content, taking screenshots and much more.

The author of this article is an expert in the field of intellectual property and data security. She shares her views about online document security, PDF security, PDF DRM and related topics.

  • Published: August 20, 2014
  • Last Modified: August 20, 2014 @ 5:55 am
  • Filed Under: Technology