Passwords & Databases

Once your awesome super secure password is saved to the database of your new app or service, it is now in the careful hands of the system admin, database admin and security people. Or maybe no one at all. The smart programmers who built, designed and implemented authentication systems are human too. They make basic mistakes.

There are many articles on the do's and don'ts of password storage. NIST recommends that 'passwords be salted with at least 32 bits of data and hashed with a one-way key derivation function such as Password-Based Key Derivation Function 2 (PBKDF2) or Balloon'. This stuff is complicated, and there are many steps in the process that can be missed by implementers or exploited by hackers.
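As an added illustration of the NIST scheme quoted above (this is example code, not code from the original article), here is a minimal salted PBKDF2 store-and-verify routine in Python, with an unsalted digest alongside it to show why the salt matters. The 16-byte salt, the 600,000-iteration work factor and the `algorithm$iterations$salt$hash` record layout are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not values from the page):
# a 16-byte (128-bit) random salt comfortably exceeds NIST's 32-bit minimum,
# and the iteration count is a PBKDF2-HMAC-SHA256 work factor to tune per deployment.
SALT_BYTES = 16
ITERATIONS = 600_000
HASH_NAME = "sha256"


def unsalted_digest(password: str) -> str:
    """What NOT to do: identical passwords produce identical digests,
    so one cracked hash (or a rainbow table) unlocks every matching account."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: pbkdf2_<hash>$<iterations>$<salt hex>$<hash hex>."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh, unpredictable salt for every password
    if len(salt) * 8 < 32:
        raise ValueError("salt must be at least 32 bits")
    digest = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute PBKDF2 with the stored salt and iterations, then compare in constant time."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        hash_name = algo[len("pbkdf2_"):]
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(hash_hex)
    except ValueError:
        return False  # malformed or truncated record: never accept
    candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"), salt, int(iterations))
    # hmac.compare_digest avoids leaking how many leading bytes matched via timing.
    return hmac.compare_digest(candidate, expected)
```

Storing the iteration count in the record lets you raise the work factor later and re-hash each user's password on their next successful login.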