LabR Learning Resources

Is My Website Password Encrypted?

With all of the ongoing security breaches and people having their passwords compromised, it has to make you wonder how some websites can give you your actual password and other sites send you a link to create a new password after sending you a temporary password to use.

In this article, we are going to explain how you can determine if a website you frequent is storing your password securely. Before we do that, let’s briefly discuss how website authentication works.

How Authentication Works

When you access a website, sometimes you are required to log in with a username and password to access specific website features. To do this, the website has to store your username and password so that when you provide them, it can verify that you entered the correct information.

The username and password you provide are usually sent to the web server using a web form, hopefully protected by some form of good security, such as SSL.

When the username and password are received by the web server, it looks up the username and password you provided in its files or database and then compares them to determine if the information is correct. If not, then the login attempt fails.

Sometimes you need to recover or reset your website password because you can’t remember what it is. What happens when you do this can provide you with hints as to how securely the website’s application is storing your username and password information.

Basically — if the website can provide you with your actual password, whether or not it asks you some security questions, then:

  • The website is possibly storing your password information unencrypted; or,
  • The website is storing the password encrypted, but knows how to decrypt the password.

The Website Can Send Your Actual Password

When you forget your password and access a website’s “I forgot my password” link, the website may ask you some security questions, if it was set up to do that. Whether or not the website does this is not important to our discussion. If the website can either:

  • Show your actual password on the screen; or,
  • Send your password to you via email;

then it is highly likely the website either stores the password unencrypted or knows how to decrypt the password. If the website can give you your actual password, then it is very likely that should the website be compromised, an attacker will have access to all of the usernames and passwords for all of the users.

The Website Sends me a Temporary Password to my Email

When a website uses this approach, they have no ability to look up or retrieve your existing password. This is a good sign, but there is no way to tell if the website is using unencrypted passwords and implemented this method to obscure that fact. This approach at least doesn’t send your password back to you through normally insecure communication methods.

Most reputable websites that implement this form of password recovery likely are storing the passwords in an encrypted format, making it difficult if not impossible for an attacker to recover the passwords if retrieved.

The Website Sends me a Reset Password Link to my Email

The same caveats as mentioned in the previous section exist here, because you can’t be sure if the passwords are actually stored encrypted. However, since they won’t provide the existing password, it is more likely that your passwords are encrypted.
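An added example, not code from this article or from any particular website: a minimal sketch of why a site that stores passwords well cannot send your password back and has to offer a reset link instead. It uses salted one-way hashing (PBKDF2) rather than reversible encryption; the function names, the in-memory stores and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

USERS = {}         # username -> (salt, derived_hash); constructed in-memory store
RESET_TOKENS = {}  # sha256(token) -> (username, expiry timestamp)

def derive(password, salt):
    # One-way: the stored value cannot be turned back into the password.
    # The iteration count is an illustrative assumption.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def register(username, password):
    salt = secrets.token_bytes(16)  # unique per user
    USERS[username] = (salt, derive(password, salt))

def login(username, password):
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    # Re-derive from the submitted password and compare in constant time.
    return hmac.compare_digest(stored, derive(password, salt))

def request_reset(username, now=None, ttl=900):
    """Return a one-time token for the emailed link; only its hash is kept."""
    if username not in USERS:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    digest = hashlib.sha256(token.encode()).digest()
    RESET_TOKENS[digest] = (username, now + ttl)
    return token

def complete_reset(token, new_password, now=None):
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).digest()
    entry = RESET_TOKENS.pop(digest, None)  # single use: removed on first try
    if entry is None:
        return False
    username, expiry = entry
    if now > expiry:
        return False
    register(username, new_password)  # the old hash is simply overwritten
    return True
```

Nothing in USERS can be emailed back as "your password", so a database copy gives an attacker salts and hashes to guess against rather than the passwords themselves.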

The Role of Security Questions and Answers

Websites that ask you to provide some security questions and answers are using this information to help prove it is you when you either forget your password or want to perform some highly protected request. If you can provide your own questions and answers, this is a better choice than using the standard questions and answers most sites use.

If you are concerned about how well a website protects the answers to your security questions, you might want to come up with a set of alternative responses to the various questions and use them instead of the real responses — the more paranoid user takes this approach. Paranoia is not a bad thing in this case.


Reflections of an Adult Education Administrator

(This is a work of fiction.)

I had no idea when I took this job of managing this adult education center of the challenges I would experience. It has been a marvelous growth opportunity, but I must say there are days when I almost admit defeat. I thought managing this center would be mostly about providing high quality courses and instructors to my clients. I had no idea I would be spending so much time on budgets, making decisions about facilities, equipment or even making recommendations on how the courses are taught.

When I look back at this history of adult education, times have changed – or have they? The “problem” of adult education is nothing new, although maybe it is new to the generation of teachers I am working with. I guess from an experience perspective, I cannot really hold the teachers all at fault; I have not been doing this for very long either. When I go back and look at the writings of Dewey and Knowles, I can see how their thinking applies still today. Consequently, I have to draw the conclusion that while the demands of the students, the capabilities of the teachers and technology have all changed, the basic philosophy has remained more or less consistent.

Providing all the services we offer to our adult students creates a vast number of challenges. I have to make sure we have adequate facilities and classrooms to accommodate all of our students including basic services such as refreshments and restrooms. Because some of our students are on site all day, we needed to install a small cafeteria since the local restaurants are overcrowded with the local workforce and cannot accommodate the students.

Students want relevant courses to satisfy their particular situation and do not want to deal with the esoteric. The basic literacy and GED courses are not so much a problem, but the courses for our associate and bachelor degree programs must be competitive and up to date. Sometimes, we need to even be slightly ahead of the “curve” in parts of the course content because of the proximity of some high tech companies and either interest in our facility and students by those companies, or interest in working for those companies by the students.

The content and course management is only part of the challenge I am faced with. The overall day-to-day administration and organization of the center is similar to operating a small company. We have organizational culture issues affecting staff morale, and teachers who prefer to “look down” at their students than see them as equals. This is one area I know there has been a lot of research on, but it would be beneficial to conduct some long-term studies with some adult students to understand their perspective over the longer period.

Knowing the longer-term impact of decisions made from an organizational perspective would have a significant impact on my ability to know if the decisions were the right ones. Too often, we do not see the expected benefits quickly and programs are pronounced failures without giving them a fair shot at success. More research on the expected time to see a specific set of benefits from program and course material changes would improve change and increase the probability of success.

The second part of that same research would include how to address teacher adoption of new programs and bring them on board so they can have a positive impact on the program. I frequently have to deal with situations where teachers respond that they have seen similar things fail, and I am almost at my wit’s end trying to help them understand the positive benefits from their perspective.

Coupled with the ongoing administration challenges is managing my financial and budget targets. Even though we are part of a school district and are allocated funds from the district, we are expected to use tuition as a major component of our financial management and be almost fully self-supporting. The once a year allocation from the school district is not enough to run the operation and there are no handouts from the district over the year. This means any additional improvements must be funded through grants.

Despite the challenges with the budgets, bringing state of the art technology into the classrooms is the biggest challenge I have. I have a fully equipped computer lab with the latest computers, network equipment, and software. However, I would like to see more research on how to effectively apply this technology across a wide variety of educational programs so every student can benefit. Currently, the students getting the most use of the lab are in technology and science programs, leaving the arts, humanities and other areas with little opportunity or unclear ideas on how they can best apply this technology to their programs.

The students and faculty also want to expand the wireless network and support portable digital assistants (PDA) and tablet computers in the classroom for note taking, presentations, and data collection. While there has been a lot of research published, it often consists of highly specialized situations, case studies, or software implementations that do not cover our needs. Broader based research on integrating leading edge technology into the program and providing the faculty with the inservice training and support necessary to use it is an absolute must.

In many respects, our technology program could benefit from onsite technology coordinators and instructional design support staff, but the budget is not there to provide those support roles at this time.

This brief paper reflects upon my role as an adult education administrator and highlights some of the challenges I face on a daily basis. It also highlights the need for continued research into areas such as administration and technology implementations. Only through continued research and application of that research in practical situations can education centers such as ours really demonstrate the vast capabilities and services we have to offer the community.


Welcome Back

The old site has been migrated to this new one, which we think will offer better functionality, and it looks nicer too.