An organization wants to limit potential impact to its log-in database in the event of a breach. Which of the following options is the security team most likely to recommend?
When passwords are hashed, the database stores only the hash values instead of the actual passwords. This means that even if the database is breached, the attackers cannot easily obtain the original passwords.
Hashing is a one-way function, meaning it is computationally infeasible to reverse-engineer the original input from the hash. This ensures that password data is secure even if exposed.
Hashing significantly mitigates the risk of credential theft by ensuring that password data remains protected, making it the most effective choice for securing a log-in database against potential breaches.
Hashing is the correct answer because it effectively limits the impact of a database breach by storing only hashed versions of passwords, thereby protecting sensitive credential information. Hashing ensures that even if the log-in database is compromised, the passwords remain secure and difficult for attackers to reverse-engineer.
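What "storing only the hash" looks like in practice, as an added example that is not part of the original page or any commenter's post. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt and 600,000 iterations (a deliberately slow key-derivation function, not a plain SHA-256), and a self-describing record format `algorithm$iterations$salt$hash` of my own choosing. The constructed two-user table shows that the database never holds the password, that two users with the same password get different records, and that login works by re-deriving the hash from the entered password and comparing it in constant time.

```python
import base64
import hashlib
import hmac
import os
from typing import Dict, Optional

# Assumed parameters for this example (not from the original page).
PBKDF2_ITERATIONS = 600_000
ALGORITHM = "pbkdf2_sha256"


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a storable record: algorithm$iterations$salt_b64$hash_b64.

    The salt is fresh per call, so identical passwords never produce
    identical records and precomputed (rainbow) tables do not apply.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "$".join([
        ALGORITHM,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    ])


def verify_password(password: str, record: str) -> bool:
    """Re-derive the hash from the candidate password and compare in constant time."""
    parts = record.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM:
        return False
    iterations = int(parts[1])
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    # hmac.compare_digest avoids leaking where the first mismatching byte is.
    return hmac.compare_digest(candidate, expected)


def build_user_table() -> Dict[str, str]:
    """Constructed sample log-in table: username -> hash record, never the password."""
    return {
        "alice": hash_password("correct horse battery staple"),
        "bob": hash_password("correct horse battery staple"),  # same password as alice
    }


def login(table: Dict[str, str], username: str, password: str) -> bool:
    """Authenticate by comparing the re-derived hash with the stored record."""
    record = table.get(username)
    if record is None:
        # Burn the same work for unknown usernames so timing does not reveal
        # which accounts exist.
        hash_password(password)
        return False
    return verify_password(password, record)


if __name__ == "__main__":
    table = build_user_table()
    for user, record in table.items():
        print(user, record)
    print("alice/correct:", login(table, "alice", "correct horse battery staple"))
    print("alice/wrong:  ", login(table, "alice", "hunter2"))
```

If this table is dumped, an attacker holds only salted PBKDF2 outputs and has to guess each password separately at the configured cost; nothing in the record lets them recover the plaintext directly.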
What about other information that is stored in a login database like user IDs or emails, security questions and answers, MFA, account status, etc.? Hashing isn't going to protect those. The only thing hashing protects in case of a breach is passwords. This is why it cannot be the best choice here. Tokenization is the correct answer.
Why not C? What if they do get the data?
Data obfuscation is the process of disguising confidential or sensitive data to protect it from unauthorized access. Data obfuscation tactics can include masking, encryption, tokenization, and data reduction. Data obfuscation is commonly used to protect sensitive data such as payment information, customer data, and health records.
Obfuscation is generally correct, but when it comes to passwords and log-in information, it is best to store it in a non-reversible method.
Therefore, hashing is the best choice out of the options presented.
B. Hashing
Use Tokenization for payments and credit cards - the data needs to be retrievable, so you'd replace the sensitive info (your CC numbers) with a non-sensitive token to act as a dummy. If you use Apple/Android Pay, the CC you save on your phone is tokenized so the actual numbers can't be stolen.
Hashing is for log-in databases and such where you need to secure the info.
The answer is Hashing! The key is "log-in", and hashing is used for authentication.
During login, the system combines the entered password with the stored hashes. If the result matches the stored hash, the login is successful.
The correct answer is segmentation. From the CompTIA study guide, segmentation is a method of securing data by dividing networks, data, and applications into isolated components to improve sensitive data protection, limit the impact of a breach, and improve network security.
A. Tokenization
Here is why: Tokenization replaces sensitive information with a token that has no meaningful value outside the tokenization system. The original data is stored securely elsewhere. If a database with tokenized data is breached, the sensitive information remains protected. Keep in mind, hashing only protects stored passwords, by converting them into a fixed-size string of characters that is irreversible, but what about all the other data that is also stored in a login database like usernames or emails, security questions and answers, multi-factor authentication, account status or last login information? Hashing is not going to protect all that.
This is why although hashing is a great choice for securing passwords, it is not the best option considering the context of a login database and hence tokenization is the correct answer!
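The tokenization design described in this comment and in the Apple/Android Pay comment above, as an added example that is not part of the original page or any commenter's post. It assumes a toy token vault of my own design (a mapping from random `tok_…` identifiers to the real values, held separately from the application table) and a constructed customer table holding card numbers; the card numbers are sample test values, not real accounts. It shows the property the thread is arguing about: the application table leaks only tokens, while the value is still retrievable by anyone who can reach the vault.

```python
import secrets
from typing import Dict, List


class TokenVault:
    """Toy tokenization service (assumed design, not any vendor's product).

    The vault is the only place the real values live. Application tables
    store the token, which is random and carries no information about the
    value it stands for, so a dump of those tables alone is worthless.
    """

    def __init__(self) -> None:
        self._token_to_value: Dict[str, str] = {}
        self._value_to_token: Dict[str, str] = {}

    def tokenize(self, value: str) -> str:
        # Design choice: the same value always maps to the same token so the
        # application can still join or deduplicate on it without seeing it.
        token = self._value_to_token.get(value)
        if token is None:
            token = "tok_" + secrets.token_hex(16)  # unrelated to the value
            self._token_to_value[token] = value
            self._value_to_token[value] = token
        return token

    def detokenize(self, token: str) -> str:
        """Reverse lookup; only callers with vault access can do this."""
        try:
            return self._token_to_value[token]
        except KeyError:
            raise ValueError("unknown token") from None


def build_app_database(vault: TokenVault) -> Dict[str, str]:
    """Constructed sample: customer -> card token. No card number is stored here."""
    return {
        "alice": vault.tokenize("4111111111111111"),
        "bob": vault.tokenize("5555555555554444"),
        "carol": vault.tokenize("4111111111111111"),  # same card as alice
    }


def leaked_values(app_db: Dict[str, str]) -> List[str]:
    """What an attacker who dumps only the application table walks away with."""
    return list(app_db.values())


def charge(vault: TokenVault, app_db: Dict[str, str], customer: str) -> str:
    """The one privileged path that needs the real value asks the vault for it."""
    return vault.detokenize(app_db[customer])


if __name__ == "__main__":
    vault = TokenVault()
    app_db = build_app_database(vault)
    print("application table:", app_db)
    print("breach of app table yields:", leaked_values(app_db))
    print("payment path sees:", charge(vault, app_db, "bob"))
```

The contrast with password hashing is the `detokenize` method: a token is meant to be turned back into the original, by a system that holds the mapping, whereas a password hash is meant never to be reversed by anyone. That is why the two techniques fit different columns of the same database.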
B. Hashing
Hashing is the most likely recommendation for protecting a log-in database. By hashing passwords, the organization ensures that even if the database is breached, the actual passwords are not exposed in plaintext. Hashing converts passwords into a fixed-size string of characters, which is not reversible, thus protecting user credentials.
Therefore, the correct answer is:
B. Hashing
If you said anything besides B, you need to go back and hit the books. Keyword in the question is "log-in". What do you use to login? ID and password right? So hashing your ID and password will turn them into a string of nondescript text that cannot be reversed or decoded. Hashing log-in passwords will limit potential impact.
I'm changing my answer. It should be A tokenization because after reading the question again, it says "log-in database" in the event of a breach. So the breach happened. How can they secure the log-in data information? By using tokenization to replace sensitive data with non-sensitive placeholder. For example, your password can be replaced with random letters or numbers.