Which practice is a common pitfall in password storage?


Multiple Choice

Which practice is a common pitfall in password storage?

Explanation:

Storing passwords in plaintext is a fundamental pitfall because it leaves the actual passwords exposed as soon as the data store is accessed. If the database is breached, attackers get immediate, readable credentials for every user, which can then be used to log into other sites where those users reuse passwords. When passwords aren't protected, there is no barrier to offline guessing or credential stuffing.

The correct approach is to transform passwords with salted hashes using adaptive hashing functions such as bcrypt or Argon2. Salting adds a unique value to each password before hashing, so identical passwords don't yield identical hashes and precomputed tables are useless. Adaptive hashing makes each guess computation deliberately slow, which dramatically increases the work for an attacker trying many guesses and makes cracking a stolen database far less practical.

Rotating encryption keys isn't the primary concern here because password storage relies on hashing, not encryption of the password data itself. While encryption can protect data at rest, it doesn't inherently guard against offline attacks if the data is decrypted for use, whereas hashed, salted passwords stay protected even if the database is compromised.
