A password is the most important safeguard for your website's data, images, video and other details. Using a good, strong password is therefore necessary to protect your website's information from hackers, because a hacker is not a relative or family member who will keep your data safe.
Some important points to understand about passwords:
- All website owners and admins know they should use complex passwords, but they don't always do so. It is important to use strong passwords for your server and your website admin area, but it is equally important to insist on good password practices for your users to protect the security of their accounts.
- Require passwords of a minimum of around eight characters, including an uppercase letter, a symbol such as $, @ or ?, and a number; this will help to protect their information in the long run.
- Passwords should always be stored as encrypted values, preferably using a one-way hashing algorithm such as SHA or MD5. Using this method means that when you are authenticating users you are only ever comparing encrypted values. For extra website security it is a good idea to salt the passwords, using a new salt per password.
- In the event of someone hacking in and stealing your passwords, using hashed passwords could help with damage limitation, as decrypting them is not possible. The best someone can do is a dictionary attack or brute-force attack, essentially guessing every combination until a match is found. When using salted passwords, the process of cracking a large number of passwords is even slower, as every guess has to be hashed separately for every salt + password combination, which is computationally very expensive.
Many content management systems provide user management out of the box with a lot of these website security features built in, although some configuration or extra modules might be required to use salted passwords or to set the minimum password strength. If you are using .NET, it is worth using membership providers, as they are very configurable, provide inbuilt website security and include ready-made controls for login and password reset.