Protecting passwords against stealing

balaji
By balaji

July 8, 2006

Which of these techniques helps in preventing passwords being stolen from the browser?

  1. Using SSL for the authentication pages
  2. Using salted hashing for transmitting passwords
  3. Using an intermediate page after login
  4. All of the above

The correct answer is d) All of the above.

Use of SSL encrypts all traffic and is good to use for pages that carry sensitive data like the login credentials. But just having SSL is not enough to prevent the password from getting stolen. This aspect is discussed in greater detail in Understanding SSL.

Even if SSL, passwords can be stolen from the browser memory as SSL encrypts only data in transit. The salted hashing technique ensures that the password is safe even against such attacks.

Yet another method for stealing passwords is the browser refresh technique that we discussed in an earlier article. Even on a SSL enabled site, the browser refresh can lead to the adversary logging in without valid credentials. The use of an intermediate page after login is the most secure way to prevent this attack.

Hence all the 3 options mentioned above are different techniques used to prevent various password stealing attacks.


Tags: Quiz

About

balaji

SUBSCRIBE TO OUR BLOG

Buyers-Guide-Collateral

WHITEPAPER

Buyer’s Guide to Managed Detection and Response

Download
MDR

Get AI Powered

Managed Detection and Response

MDR-learmore-btn

 

MDR-Guide-Collateral

REPORT

AI-Driven Managed Detection and Response

Download Report
Episode

EPISODE-25

Red-LineAsset-6

Why Your ‘Likes’ on Facebook May Be Revealing Far More than You Thought

Click URL in the Post for the Full Podacst
  • FacebookAsset
  • LinkedinAsset
  • TwitterAsset