How responsible are online services with your passwords?

by @joannaskao December 6, 2013 5:00AM ET

Explore how some of the biggest service providers store your passwords


Creating online accounts, and the secure passwords to protect them, has become an integral part of everyday life. Each time we create a user account, we place our trust in a company’s security protocols to protect the username, password and other personal data required to create the account. But there is no legal standard, so the quality of protection varies from company to company.

Al Jazeera contacted over 40 companies from a variety of industries to find out how they store passwords.

Then we built a Chrome browser extension that aims to help you understand the security practices for some of the biggest service providers in the U.S.

Download it here:

It’s difficult to evaluate with certainty the security of password storage schemes, but there are a few signs that a company is responsibly handling users’ passwords.

Jeremi Gosney, founder of Stricture Consulting Group and a password expert there, says that the key is not in the encryption algorithm but in whether passwords are being salted and how many iterations of hashing are being used. Basically that means how much a company does to obscure a password.

Salting is the process of adding random text to a user’s password.

Hashing is running a string of characters through a secret process that replaces the original characters with another string of a standard length, making it harder to discern the original password. The more times the process of hashing is repeated, the harder it is for hackers to crack a password — the government recommends a minimum of 1,000 repetitions.

The process of salting and hashing ensures that two users who use the same password will have different salted and hashed passwords and that the lengths of passwords cannot be discerned by their hashes.
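
The salting and repeated hashing described above, as an added example that is not part of the original article or of the browser extension. It assumes PBKDF2-HMAC-SHA256 from Python's standard library, a 16-byte salt, and hypothetical function names; the iteration default is the 1,000 minimum the article cites, and the count is stored with each record so it can be raised later.

```python
import hashlib
import hmac
import os

MIN_ITERATIONS = 1_000  # the minimum the article cites; a floor, not a target
SALT_BYTES = 16         # assumed salt size for this example


def hash_password(password: str, iterations: int = MIN_ITERATIONS) -> dict:
    """Return the record a service would store instead of the password."""
    if iterations < MIN_ITERATIONS:
        raise ValueError("iteration count below policy minimum")
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def verify_password(password: str, record: dict) -> bool:
    """Recompute with the stored salt and count, then compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"],
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def needs_rehash(record: dict, policy_iterations: int) -> bool:
    """True when a record was hashed with fewer iterations than current policy."""
    return record["iterations"] < policy_iterations


if __name__ == "__main__":
    # Constructed sample data: two users who picked the same password.
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    short = hash_password("abc")
    print("same password, different hashes:", alice["hash"] != bob["hash"])
    print("hash length hides password length:", len(short["hash"]) == len(alice["hash"]))
    print("login succeeds:", verify_password("correct horse battery staple", alice))
    print("upgrade on next login:", needs_rehash(alice, policy_iterations=100_000))
```

A service that raises its iteration policy can call `needs_rehash` after a successful login and store a fresh record while it still has the plaintext password in memory.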

This browser extension will help you understand whether a company is using salting or hashing in storing your passwords.

If you are a representative of a company that would like to be added or have an update, please fill out this request form. We will be updating the list over time.

Enjoy!

Companies Hashing Salting Other information
Note: Al Jazeera reached out to the following companies, but did not receive a reply: 23andMe, Allstate, Amazon, AOL, Apple, AT&T, Bluefly, Dropbox, eBay, Fitbit, Foursquare, Google, Hulu, Match.com, Netflix, Path, PayPal, Pinterest, Pocket, Skype, Snapchat, State Farm, Uber and Zipcar.

Graphics created by Lam Thuy Vo.

 
