Salting and Biometrics

Password file

A single, hashed and salted file where passwords are stored.

Hashing

A mathematical formula that performs one-way encryption of plaintext into hash text.

Brute force attack

A method of password cracking that involves hashing and comparing random phrases to stored passwords.

Dictionary attack

A password cracking method that encrypts non-random phrases, like those found in a dictionary.

Rainbow table attack

An attack that uses pre-computed, encrypted passwords to facilitate password cracking.

Salting

Adding a random word (salt) to the plaintext password before hashing.

Two-factor authentication

A security process that requires two different forms of verification to authenticate a user.

Biometrics

Authentication method using physical characteristics like fingerprints, face, or voice.

Issues with fingerprint biometrics

Can be affected by damage like burns or cuts on the finger.

Issues with facial recognition

Can be inconsistent and temperamental.

Issues with retina scans

Expensive to set up and maintain but very accurate.

Issues with voice recognition

Can struggle in loud environments.

Issues with biometrics as a whole

Identifiers, not secrets; no password resets; once compromised, all accounts may be vulnerable.

Bug bounties

Incentives for finding exploits within a system and notifying the company.