How to ensure security in your website?
Here, we shall be discussing how user id should be generated, what passwords should be allowed, what prompts should be displayed.
How to Encrypt Passwords
- Hash passwords with SHA3 to check authentic.
- Encrypt data using AES symmetric key.
- Message encryption and authentication by ECC.
User id generation
Let user enter only user name first. For eg mashuajmera. Then the username would be used to find the userid, which is decrypted using the username. For eg 011235542.
User authentication
When the password is entered, another file (shadow password file) containing userid salt and hashed password would be read for the corresponding userid. Thus the hash of the password entered would be matched with the hashed password in the file. And if matched, the user would be termed as authentic.
What Password prompts should be provided?
User prompt
A good technique for choosing a password is to use the first letter of each word of a phrase. However, do not pick a well-known phrase like “An apple a day keeps the doctor away” (Aaadktda). Instead, pick something like “My sister Peg is 24 years old” (MsPi24yo).
Proactive password checker
The process of rule enforcement can be automated by using a proactive password checker, such as the openware pam_passwdqc (openwall.com/passwdqc/), Jack the Ripper password cracker (openwall.com/john/pro/).
- All passwords must be at least eight characters long.
- In the first eight characters, the passwords must include at least one each of uppercase, lowercase, numeric digits, and punctuation marks.
