While storing passwords in a database may be a common practice, storing them properly usually isn’t so common. This is the first of a series of posts where we will examine some of the options available for storing passwords in a SQL Server database.
When you store a password in a database you basically have 3 choices as to how you are going to do it. You can save the password as:
- Unencrypted clear text that can be viewed by anyone with read access to the table
- Encrypted text that can be decrypted when needed
- Strongly encrypted text that will never need to be decrypted
In this first post of our storing passwords series, we’re going to address the first choice:
Storing the password as unencrypted clear text
When it comes to using this method of password storage, there is only one thing you need to remember.
- Don’t do it.
Storing passwords as a clear text string is a really, really, really bad idea. Unfortunately, it is one of the more common approaches used by developers. I’m ashamed to admit that in my past life as a developer I have done this. And while I think we can all agree that this is not a good approach, so many times we do it anyway. So, what are some of the thought processes behind using this method? Why would a developer store passwords as clear text when it’s common knowledge that you shouldn’t? Some of the reasons may be:
- It’s easier, and encryption is hard (supposedly)
- No one is ever going to know. (Only the developers have access to the database, right?)
- Rushed development, not enough time to fool with learning how to encrypt passwords properly
- No one on the development team can agree on the best way to do it, so no one does anything
- This application isn’t very important, so the passwords for it are not important
Regardless of the reason, failing to encrypt passwords in a database can lead to serious trouble. If your database is ever compromised, and all of your user logins (for example) are sitting there in clear text, that’s bad. Don’t think your database will ever be compromised? What if your laptop is stolen with a copy of the database on it? What if a report writer falls victim to a phishing scam? SQL Injection? Malware? Social Engineering? There are plenty of ways for your unencrypted data to get out into the world! Data breaches are becoming more and more common, and when the FBI comes knocking on your door you need to be able to show them that you at least made a concerted effort to protect that data.
Do these scenarios sound a little far-fetched? Maybe, maybe not. I know for a fact that we have a local FBI office that does nothing but investigate data breaches. My point is, as developers and DBAs, we are entrusted with the gathering and storage of sensitive information such as passwords. It doesn’t matter if it is a login for an application to look at banking information, healthcare records, or cat videos; care should be taken to safeguard password information. So, when it comes to storing passwords as unencrypted clear text, remember this:
Don’t. Do. It.
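To find out whether an existing SQL Server database already does this, a catalog query can flag the columns worth inspecting. The query below is an added example, not part of the original post: the column-name patterns and the 22-character threshold are assumptions to tune, and a hit is a lead for manual review, not proof.

```sql
-- Added example: heuristic audit for password columns that may hold clear text.
-- Run it in the database under review; it reads catalog views only, never table data.
-- Assumptions: password columns have "pass", "pwd" or "secret" in their name,
-- and a column shorter than 22 characters cannot hold even a base64-encoded
-- 128-bit digest, so whatever it stores is almost certainly the password itself.
SELECT
    s.name  AS schema_name,
    t.name  AS table_name,
    c.name  AS column_name,
    ty.name AS base_type,
    c.max_length AS max_length_bytes,
    CASE
        WHEN ty.name IN ('text', 'ntext') OR c.max_length = -1
            THEN 'review: unbounded column, inspect what the application writes'
        WHEN c.max_length
             / CASE WHEN ty.name IN ('nchar', 'nvarchar') THEN 2 ELSE 1 END < 22
            THEN 'likely clear text: too short to hold a hashed value'
        ELSE 'review: confirm the stored value is not the password itself'
    END AS finding
FROM sys.columns AS c
JOIN sys.tables  AS t  ON t.object_id  = c.object_id
JOIN sys.schemas AS s  ON s.schema_id  = t.schema_id
-- Join on system_type_id so alias types resolve to their base type name.
JOIN sys.types   AS ty ON ty.user_type_id = c.system_type_id
WHERE ty.name IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext')
  -- LOWER() keeps the match working in case-sensitive databases.
  AND (LOWER(c.name) LIKE '%pass%'
       OR LOWER(c.name) LIKE '%pwd%'
       OR LOWER(c.name) LIKE '%secret%')
ORDER BY s.name, t.name, c.name;
```

Columns stored as binary types are deliberately excluded, since those cannot be read as text by someone browsing the table.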