Secure Password Storage


This course introduces popular approaches to user password protection and storage, analyzing their common weaknesses and those properties that help schemes resist attack.

By learning to evaluate password storage schemes through the properties of their building blocks (hashes, salts, and algorithms), you will be able to properly evaluate password storage options in your development framework, and to articulate the trade-offs between modern schemes. At course end, you will be able to select and harden through configuration your application’s password storage scheme, or select a suitable replacement that best meets your application’s needs.

Learning Objectives

  • Evaluate current best practice solutions for secure password storage
  • Recognize that attackers have sophisticated cracking resources
  • Discuss how current adopted password storage solutions are insecure
  • Show why current solutions do not prevent user passwords from being revealed to an attacker
  • Discuss the password security pros and cons of algorithms like bcrypt/scrypt
  • Propose an alternate approach to strengthening current password security solutions


Delivery Format: eLearning

Duration: 1 hour

Level: Intermediate

Intended Audience: 

  • Developers
  • QA Engineers
  • Architects
  • Application Security Specialists

Get more course information