Why Use MD5 for Password Security?
Security is the key to any business enterprise. When we talk about security, the primary question that comes to our mind is what are the security measures that the platform undertook to ensure the security is maintained. You might ask, how secure my password is inside the platform? How it is stored and what are the privileges?
Now, these questions are very likely to occur in mind. In this article, we will talk about password security and how it is maintained in the platform.
Questions regarding Password Security
Q. Do you store passwords in raw format, such that anyone having access to the data can see it?
No, we do not store the password in any of our databases. The stored password in the cloud is a hash equivalent of the password. Hence when you give your password, it is hashed again using the same logic, and both the compared to see whether the hash generated in the platform is the same as the stored hash.
For example, let’s say you put your password as “Abhishek1234”, the hash of the same would “_&?Sv?1???mX.?” which is not readable and does not have any meaning to it. You know your password, and when you put your password, we run the same algorithm to generate the hash, and if the hash generated matches, that means you have entered a correct password.
Q. How secure is my Hash of my password?
You might also ask, that we said the password is stored in the database, and how secure is my database. Our database is not open and only one or two-person have access to it. the Database of our system is encrypted and also is secure with IP based firewall, such that only from a particular IP address, it could be opened.
Q. Why do we store passwords in MD5 when MD5 has collisions?
Yes, we know MD5 does have collisions, but the collision takes place in the long-range and the password security breach because of the collision of MD5 becomes impossible. If the hash is not exposed, the message which collides with the actual hash is at an extreme range. Thus the password hashing is OK with MD5.
Q. What if I want to add extra security to my account?
BTW, we have another important feature in APPSeCONNECT that will make you even safer. Just after you log in, go to the Profile section and enable “Two-factor Authentication”. This will give you additional security where the passcode comes to your mobile, or email, or through call and you can securely log in. To enable a 2-factor authentication system follow the step – 5 Uncommon Security Features of APPSeCONNECT
This feature ensures, that even if your password is compromised, your account is still safe as no one can log in to it without knowing the One Time Password send over your phone or email. This feature gives an extra security layer for your account.
Feel free to ask questions if you have any.
APPSeCONNECT is a smart and robust business application integration platform that seamlessly connects all your business applications with each other to streamline operations and facilitate the free flow of data across the platforms. By moving into the region of iPaaS, APPSeCONNECT proves to be a best-in-the-class platform that easily connects systems and automates the business process.
Now, you can easily connect all your business applications under one single platform to automate the business process!