Sunday, October 03, 2010

How Do You Know a Web Site Is Secure?

You may be interested to know that one way to determine whether a Web site that requires a logon with a password is secure is to click the “Forgotten your password? Click here” link. If the Web site is secure, you’ll be instructed to create a new password.

The reason you’ll be required to create a new password is that the Web site does not know your password. In fact, if the Web site can tell you your password, the Web site is insecure.

So how does a secure Web site know, when you log in, that your password is correct?

It knows whether or not your password is correct because it stores what is called a “hash” of your password, a unique number that’s computed from your password.

A “hash” of a password is like one-way encryption: it cannot be reversed to recover the password.

When you set your password, after the service has verified it’s you (because you logged in successfully or used a password reset link), the service:
* Computes the “hash” of the password you entered, which is simply a many-digit number.
* Stores that number with your account username and whatever other information they keep about your account.
* Discards the password. It’s completely purged from their system.

All they keep is the hash number.

When you log in by entering your username (or email or other ID) and password into a login form and pressing “Login”, the service:
* Looks up your username. If that username does not exist, the login will fail.
* Then computes the “hash” number of whatever you typed in as your password.
* Then compares the number it just calculated with the number it had stored in your account as the “hash” of your password.

If the numbers do not match, you did not type in the same password and the login fails. If the numbers match (the “hash” of your stored password matches the “hash” of the password you entered), your typed-in password is correct and the login proceeds.
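Here is the set-password and login sequence described above as a short Python sketch. It is an added example, not code from this post or from any particular Web site. It goes a little beyond the text by using a deliberately slow hash (PBKDF2) with a random per-account salt and a constant-time comparison; the function names, the in-memory `ACCOUNTS` table and the iteration count are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000   # assumed PBKDF2 work factor for this example
ACCOUNTS = {}          # constructed stand-in for the site's account database


def hash_password(password: str, salt: bytes) -> bytes:
    """One-way, deliberately slow hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def set_password(username: str, password: str) -> None:
    """Compute the hash, store it with the account, keep nothing else."""
    salt = os.urandom(16)  # random per-account salt (an addition to the post)
    ACCOUNTS[username] = {"salt": salt, "hash": hash_password(password, salt)}
    # The password itself is never written to ACCOUNTS.


def login(username: str, password: str) -> bool:
    """Look up the user, hash what was typed, compare with the stored hash."""
    record = ACCOUNTS.get(username)
    if record is None:
        # Unknown username: the login fails. Hash anyway so the response
        # time does not reveal which usernames exist.
        hash_password(password, b"\x00" * 16)
        return False
    candidate = hash_password(password, record["salt"])
    # Compare the two hashes in constant time.
    return hmac.compare_digest(candidate, record["hash"])


if __name__ == "__main__":
    set_password("alice", "correct horse battery staple")  # constructed sample
    print(login("alice", "correct horse battery staple"))
    print(login("alice", "wrong guess"))
    print(login("mallory", "anything"))
```

Because the account record holds only the salt and the hash, a “forgotten password” feature built on this table has nothing to send back except a reset link.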

You’re probably asking, “Why do I need to know about a ‘hash’?”

Simply this: if a Web site stores your password, it is as available to a hacker as it is to you.

If you want to be sure a Web site is a secure site, log in and request your password. If you receive your password, you’d best pass up any opportunities the Web site offers.

Here’s wishing you a Good Boot.
