CompTIA CASP+ Practice Test

Which condition would best improve the security of passwords stored in a database?

• A. Enforce password changes every 30 days.
• B. Use hashing for password storage.
• C. Require complex passwords with symbols.
• D. Store passwords using encryption.

The correct answer is: Use hashing for password storage.

Using hashing for password storage significantly enhances security because it transforms plain text passwords into a fixed-length string of characters that appears random. The key aspect of hashing is that it is a one-way function, meaning that once data (like a password) is converted into a hash, it cannot be easily reversed back to its original form. This makes it challenging for attackers to retrieve the original passwords even if they gain access to the hashed values in the database. Additionally, good hashing practices (such as the use of strong algorithms like bcrypt, PBKDF2, or Argon2) involve the incorporation of a unique salt for each password. This further complicates attacks like rainbow tables or dictionary attacks since each hashed password is unique to the salt added, making it considerably tougher for attackers to crack the passwords. On the other hand, enforcing regular password changes, while promoting some level of security, does not directly improve how passwords are stored. Similar is the requirement for complex passwords, which enhances the initial strength of the passwords themselves but does not address how those passwords are managed and safeguarded in storage. Storing passwords using encryption provides a layer of security, but unlike hashing, encrypted passwords can be decrypted if the encryption key is compromised, leaving more vulnerability compared to using