Alfred's New Ramblings

Password security

This is a very simple rule in application security.

Never ever save a user password in the clear.

Quite simple right?  No matter where it is stored, ultimately it needs to be opened for reading or backup.

If you need to save the user password, use a strong one way hash algorithm and save the hash.  All you need to do on authentication is to compare hashes. Simple?

Some people don’t get it.  Engadget reported that some mobile application or apps store password in the clear.

Read about it here.

Leave a Reply

Your email address will not be published.