Your Password Is… wait for it… NOT Always Encrypted
Summary
This article from Black Hills Information Security discusses how passwords, even those intended to be secure, are not always encrypted. Writing from a penetration tester's perspective, the author highlights the varied nature of passwords found during assessments, noting that good passwords typically exceed 16 characters and include a mix of cases, digits, and special characters.
IFF Assessment
The article points out a common security vulnerability in which passwords might not be encrypted, making them susceptible to interception or exposure, which is bad news for defenders.
Defender Context
This article serves as a reminder to defenders that even seemingly basic security measures like password encryption can be overlooked or implemented improperly. It underscores the importance of verifying that sensitive data, especially authentication credentials, is always protected in transit and at rest, and that robust password policies are consistently enforced.