A password with salt and pepper!

When you hear about a platform or company having passwords leaked or stolen, yes, you should be worried, but not go crazy, as long as you know two things about them: they protect passwords with good encryption plus a little bit of salt and pepper, and they make you reset your password when you forget it. What do I mean by these two things?

First, the salt and pepper. You all know that passwords have to be encrypted for security reasons. In this context, “salt” means adding extra characters to the password the user types in. For example: I type “CatDog”, the platform adds “R4%” (the salt part) to what I typed so it becomes “CatDogR4%”, and then it encrypts that, so the encrypted password becomes more difficult to decipher.

You might say: “This is useless if the hacker finds out what the ‘salt’ is”, and you are right. That’s why there is the pepper. The pepper is like the salt but dark…. Okay, that was a bad joke, but seriously: the pepper is like the salt, but it’s random. Using the example from before, I type “CatDog” and the system adds a random letter plus “4%”, so it becomes “CatDogY4%”; the hacker has to spend more time because of the random part. Both salt and pepper are really useful, but none of this matters if the company doesn’t use them. So how do you know if they even encrypt your password? This brings me to the second point.

When I said it’s good that the platform asks you to reset your password when you forget it, it’s because they REALLY DON’T KNOW YOUR PASSWORD. They may have a database with the passwords encrypted, but they can’t decrypt them; that’s why, when you forget your password, they don’t send you an email with it, they tell you to reset it. Do the test: use “I forgot my password” and see what happens. If they send you your password, close that account and RUN!!!
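To show the two ideas from this post working together, here is an added example (my own code, not from the original post or any particular platform) of how a server can store a password with a random per-user salt and a server-side secret “pepper”, using a one-way hash so the stored value cannot be turned back into the password. The example goes slightly beyond the post’s “CatDogR4%” picture: it follows the common convention where the salt is random for every user and saved next to the hash, while the pepper is a constructed secret kept out of the password database; the `PEPPER` value, the 600,000 PBKDF2 iterations and the function names are all assumptions of this example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed server-side secret (the "pepper"). Lives in configuration or a
# secrets store, never in the same database as the password hashes.
PEPPER = b"example-pepper-not-for-real-use"
ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for storage. A fresh random salt is drawn per user."""
    if salt is None:
        salt = os.urandom(16)  # the "random part": different for every record
    # The pepper is applied as an HMAC key, so the digest depends on a secret
    # that a stolen database alone does not contain.
    peppered = hmac.new(PEPPER, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Re-run the same one-way process and compare; the password is never recovered."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def same_password_two_records() -> bool:
    """Two users with the password 'CatDog' get different salts and different digests,
    so a leaked database gives no hint that they share a password."""
    salt_a, digest_a = hash_password("CatDog")
    salt_b, digest_b = hash_password("CatDog")
    return salt_a != salt_b and digest_a != digest_b


if __name__ == "__main__":
    salt, digest = hash_password("CatDog")
    print("stored salt  :", salt.hex())
    print("stored digest:", digest.hex())
    print("correct login :", verify_password("CatDog", salt, digest))
    print("wrong password:", verify_password("CatDogX", salt, digest))
    print("two records differ:", same_password_two_records())
```

Because only the salt and digest are stored, a “forgot my password” flow can do nothing except let the user set a new one, which is exactly the behaviour the post tells you to test for.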

Well, that’s all for this post, see you guys later. Leave any comments below about the topic or other things you want me to write about.
