@@ -12,7 +12,7 @@ Throughout the years the standard mechanism for storing passwords has evolved.
In the beginning passwords were stored in plain text.
The passwords were assumed to be safe because the data store the passwords were saved in required credentials to access it.
However, malicious users were able to find ways to get large "data dumps" of usernames and passwords using attacks like SQL Injection.
-As more and more user credentials became public security experts realized we needed to do more to protect users passwords.
+As more and more user credentials became public security experts realized we needed to do more to protect users' passwords.
Developers were then encouraged to store passwords after running them through a one way hash such as SHA-256.
When a user tried to authenticate, the hashed password would be compared to the hash of the password that they typed.
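Review bot: the changed line still runs its introductory clause into the main clause with no comma, so "became public security experts" reads as one phrase on first pass. Since the line is already being touched for the possessive, suggest "As more and more user credentials became public, security experts realized we needed to do more to protect users' passwords." The unchanged context line "In the beginning passwords were stored in plain text." has the same missing comma after "In the beginning" and could be fixed in the same commit.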