Posts Tagged ‘passwords’

Please give x letter of your password

Friday, April 10th, 2015 | Tech

Recently I registered with the new Virgin Money credit card service. They have just taken over the running of their own credit cards from MBNA so everyone has to re-register on their new system.

I selected a 14-character password containing a mixture of upper and lower case letters, numbers and symbols.

Five minutes later I was changing it to a simple easy-to-remember phrase. Why? Because every time I log in to my account I have to enter a set of certain digits from my password.

The problem is that I have no idea what my password is. It is safely secured away in 1password; I never look at it, I never know what it is. But thanks to Virgin Money’s so-called security measures, much like other financial organisations do, I am instead forced to use a far more easily crackable password.

Hashing passwords in PHP

Thursday, March 8th, 2012 | Programming, Tech

If you store passwords as part of a PHP script, you may be using md5() or sha1() to hash the password. This is common practice, but you may be surprised to know that the PHP manual actually recommends against it.

The reason is that they are both fast but relatively insecure hashing algorithms, so the hashes can be brute forced by modern computer systems if an attacker gets hold of them. A better approach is to use the crypt() function, which is a little more expensive in terms of resources, but worth it for the increased difficulty you create for any potential hackers.
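To make the difference concrete, here is an added example (not code from the original post) that hashes and verifies a password with crypt() using a salted bcrypt setting, next to the unsalted md5() call it replaces. The function names, the cost of 12 and the sample password are assumptions chosen for illustration; random_bytes() requires PHP 7 and hash_equals() PHP 5.6.

```php
<?php
// Build a bcrypt setting string for crypt(): "$2y$" + two-digit cost + "$" + 22 salt characters.
function make_bcrypt_setting(int $cost = 12): string
{
    if ($cost < 4 || $cost > 31) {
        throw new InvalidArgumentException('bcrypt cost must be between 4 and 31');
    }
    // 16 random bytes -> base64 -> first 22 characters.
    // bcrypt's salt alphabet uses "." where base64 uses "+".
    $salt = substr(strtr(base64_encode(random_bytes(16)), '+', '.'), 0, 22);
    return sprintf('$2y$%02d$%s', $cost, $salt);
}

function hash_password(string $password, int $cost = 12): string
{
    // Note: bcrypt only uses the first 72 bytes of the password.
    $hash = crypt($password, make_bcrypt_setting($cost));
    // crypt() signals failure with a short string such as "*0"; a bcrypt hash is 60 characters.
    if (strlen($hash) !== 60) {
        throw new RuntimeException('crypt() did not return a bcrypt hash');
    }
    return $hash;
}

function verify_password(string $password, string $stored): bool
{
    // Passing the stored hash as the setting reuses its algorithm, cost and salt.
    $candidate = crypt($password, $stored);
    // hash_equals() compares in constant time, so the check leaks no timing information.
    return strlen($candidate) === 60 && hash_equals($stored, $candidate);
}

$password = 'correct horse battery staple'; // constructed sample input

// Unsalted md5(): two users with the same password get the same digest.
var_dump(md5($password) === md5($password));

// Salted bcrypt: each call draws a fresh salt, so the stored hashes differ.
$first  = hash_password($password);
$second = hash_password($password);
var_dump($first === $second);

// Verification recomputes the hash with the salt embedded in the stored value.
var_dump(verify_password($password, $first));
var_dump(verify_password('wrong guess', $first));
```

Raising the cost by one doubles the work per guess, which is the "more expensive" property the post describes. On PHP 5.5 and later, password_hash() and password_verify() wrap this same crypt() scheme and generate the salt for you.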