Rethinking password security: say goodbye to plaintext passwords

Recently, we came across a report by BleepingComputer, which shared how misconfigured Firebase projects led to the leakage of 19 million plaintext passwords on the public internet. This was primarily caused by missing or incorrectly configured security rules on Firebase instances that consequently permitted read access to databases, resulting in a massive data leak that exposed:

• Names: 84,221,169
• Emails: 106,266,766
• Phone numbers: 33,559,863
• Passwords: 20,185,831
• Billing info (bank details, invoices, etc.): 27,487,924

For passwords, the problem was a lot worse because 98% of them, or 19,867,627 to be exact, were in plaintext. While this problem is not inherently a Firebase bug, it does signify a massive lack of understanding around authentication tooling and password security. Therefore, this blog will discuss why plaintext passwords are bad for your security and alternative solutions.

The dangers of plain text passwords

Storing passwords in plaintext presents significant security risks and vulnerabilities for both users and organizations. Here are several vital points illustrating why plaintext passwords are bad:

• An easy target for hackers: Plaintext passwords can be easily read and exploited by anyone who gains unauthorized access to the storage database, making them prime targets for hackers.
• Lack of confidentiality: Storing passwords in plaintext fails to protect the confidentiality of user information. If a security breach occurs, users’ passwords are exposed without any layer of protection.
• Non-compliance with security standards: Many industry standards and regulations, such as GDPR, PCI DSS, and HIPAA, require that personal data, including passwords, be adequately protected, and storing passwords in plaintext can result in non-compliance.
• Increased risk of insider threats: Plaintext passwords are vulnerable to external threats and insider threats. Employees with access to the database can view and potentially misuse this information, leading to internal security breaches.
• Higher impact of data breaches: When passwords are stored in plaintext, the impact of a data breach is magnified. Attackers can access the compromised system and use the same credentials to attempt access to other services, exploiting the common habit of password reuse.
• No defense against brute force attacks: Plaintext passwords offer no defense against brute force attacks. While hashed passwords can also be vulnerable, hashing makes decoding user passwords a lot more difficult.
• Damage to reputation: A company found to be storing passwords in plaintext can suffer significant damage to its reputation. Users and clients lose trust in a business that doesn’t prioritize their information’s security.

Alternatives to plaintext passwords

Fortunately, modern authentication systems are built with the drawbacks of plaintext passwords kept in mind. Two major solutions that have been developed to solve this problem are as follows:

Password hashing

Password hashing is a security technique that converts a plaintext password into a fixed-size string of characters, which is virtually impossible to reverse. This process uses a hash function to transform the original password, ensuring that even if the data storage is compromised, the actual passwords are not easily deciphered.

Benefits of password hashing compared to storing passwords in plaintext include:

• Enhanced security: Hashed passwords are extremely difficult to reverse-engineer, providing a higher level of security against data theft.
• Data breach protection: In the event of a breach, hashed passwords significantly reduce the risk of passwords being used for unauthorized access.
• Compliance with standards: Hashing passwords helps organizations comply with data protection and privacy regulations.
• User trust: By securing passwords effectively, businesses can maintain and even boost user trust by demonstrating a commitment to privacy and security.
• Mitigation of reuse attacks: Hashed passwords make it harder for attackers to use stolen credentials on other sites, reducing the impact of credential reuse attacks.
• Scalability and future-proofing: Hashing algorithms can be updated and strengthened over time, providing flexibility as security standards evolve.

You can read our blog on password hashing algorithms to learn more.

Passwordless authentication

Passwordless authentication eliminates the need for users to create and remember passwords, aiming to enhance both security and user experience. Instead of relying on a traditional password, passwordless methods verify identity through alternative means. This approach can significantly reduce the risk of phishing attacks and password theft, as there’s no password to steal or guess.

Some common passwordless authentication methods are:

• Biometric verification: Uses unique biological characteristics, such as fingerprints or facial recognition, for identification.
• Magic links: Sends a one-time use URL to the user’s registered email address for login.
• One-time passwords (OTPs): Generates a single-use code sent via SMS or email.
• Authentication apps: Generates time-based codes or push notifications for user approval.
• Smart cards and security tokens: Physical devices that the user must possess to gain access.

You can read our blog on passwordless authentication to learn more.

How Appwrite solves this problem

Appwrite Authentication makes building secure and robust authentication easy and supports many authentication methods. Currently, the following authentication methods are available on Appwrite to combat plaintext passwords:

• Email and password login with Argon2id password hashing
• OTP-based login via SMS and email
• Magic URL login via email
• 30+ external OAuth2 providers, including Google, Facebook, GitHub, LinkedIn, and Apple
• JSON Web Token (JWT) creation to extend user authentication to server-side functions
• Custom token login to allow integration with any external authentication solution of your choice
• Two-factor authentication to add an additional layer of security to user accounts

Additionally, to prevent unauthorized data access, Appwrite features a robust permissions system that is thoroughly coupled with Appwrite Authentication. The most significant benefit of Appwrite’s permissions system is that any developer needs to offer read or write access to any user intentionally. No default rule provides open access to your application’s client, and the process of setting permissions is simplified by using Appwrite’s console UI.

Appwrite also enforces the setting of authorized clients to communicate with an Appwrite project for all supported client platforms (web, Android, Apple, and Flutter). This way, no unauthorized clients can access data, adding an extra layer of protection.

Moving forward

No matter what rules and systems any platform provides, combating plaintext passwords is a responsibility shared by all application developers. If you, as a developer, care about the security and privacy of your user accounts and data, you must take the necessary actions to safeguard their authentication information. Appwrite takes this problem very seriously and will continue to add new tools and improve our existing ones to make user authentication simpler and safer for all developers and their users.

Learn more about Appwrite Authentication through our docs and join our Discord server.