In the process of writing the final report for a penetration test, which of the following recommendations would be the BEST to include for remediation when discovered that passwords are being stored in clear text?
Encrypt the passwords with a symmetric key.
Store the passwords using base64 encoding.
Hash and salt each password before storage.
Enforce a password policy requiring increased complexity.
When passwords are stored in clear text, they are vulnerable to being easily read and exploited in the event of a data breach. The BEST practice for remediation is to recommend that the organization hashes and salts each password before storage. Hashing transforms the password into a fixed-length string that resembles random data, while salting adds an additional unique value to ensure that even identical passwords result in different hashes, preventing the use of rainbow tables to reverse the hashing. Encryption alone is sometimes seen as a potential answer, however, if the encryption keys are compromised, encrypted passwords can be quickly decrypted. As for increasing password complexity, while a good practice, it is not the primary solution to the problem of storing passwords in clear text.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does it mean to hash and salt a password?
Open an interactive chat with Bash
Why is storing passwords in clear text a security risk?
Open an interactive chat with Bash
What is the difference between hashing, salting, and encryption?