What is the best way to handle user account management in a system, without having your employees who have access to a database, to have access to the accounts.
Examples:
Storing username/password in the database. This is a bad idea because anyone that has access to a database can see the username and password. And hence use it.
Storing username/password hash. This is a better method, but the account can be accessed by replacing the password hash in the database with the hash of another account that you know the auth info for. Then after access is granted reverting it back in the database.
How does windows/*nix handle this?
13 best practices for user account, authentication, and password management, 2021 edition 1 Hash those passwords. My most important rule for account management is to safely store sensitive user information,... 2 Allow for third-party identity providers if possible. Third-party identity providers enable you to rely on a trusted... More ...
User authentication systems verify that only authorized users can access cloud applications and company accounts. These systems are designed to ensure that only the right people can access the right business systems, and they offer a range of features which help to enhance basic username and password account security.
This is most simply achieved by asking the user to provide a common identifying detail, such as email address, phone, or username. If that data matches an existing user in your system, require them to also authenticate with a known identity provider and link the new ID to their existing account. 5. Don't block long or complex passwords
As you can see, username and password authentication still has some pitfalls, especially if done incorrectly. Luckily, there's a simple way to combat all of these challenges: multi-factor authentication.
This is a better method, but the account can be accessed by replacing the password hash in the database with the hash of another account that you know the auth info for.
There's really no way around this. Anyone who as write access to the password file has complete control of the computer.
This was a common issue in UNIX many years ago, and was resolved by separating the user identity components (username, UID, shell, full name, etc.) from the authentication components (password hash, password hash salt). The identity components can be globally readable (and in fact must be, if UIDs are to be mapped to usernames), but the authentication components must be kept inaccessible to users. To authenticate a user, have a trusted system which will accept a username and password, and will return a simple result of "authenticated" or "not authenticated". This system should be the only application with access to the authentication database, and should wait for a random amount of time (perhaps between 0.1 and 3 seconds) before replying to help avoid timing attacks.
I'd go with 2 but use some salt. Some pseudocode:
SetPassword(user, password)
salt = RandomString()
hash = Hashfunction(salt+password)
StoreInDatabase(user, salt, hash)
CheckPassword(user, password)
(salt, hash) = GetFromDatabase(user)
if Hashfunction(salt+password) == hash
return "Success"
else
return "Login Failed"
It is important to use a well known hash function (such as MD5 or SHA-1), implemented in a library. Don't roll your own or try implementing it from a book its just not worth the risk of getting it wrong.
@Brian R. Bondy: The reason you use salt is to make dictionary attaks harder, the attacker can't hash a dictionary and try against all the passwords, instead she have to take the salt + the dictionary and hash it, which makes the storage requierments expode. If you have a dictionary of the 1000 most commaon passwords and hash them you need something like 16 kB but if you add two random letters you get 62*62*16 kB ≈ 62 Mb.
Else you could use some kind of One-time passwords I have heard good things about OTPW but havent used it.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With