“Companies spend millions of dollars on firewalls, encryption and secure access devices, and it’s money wasted, because none of these measures address the weakest link in the security chain.” – Kevin Mitnick

What is the weakest link in the security chain? Humans, of course. It seems that every few weeks another story hits the news about a data breach: data leaked by a disgruntled employee, the theft of a laptop, or socially engineered access to a company’s database. A few million passwords here, a few million passwords there… assume that the super secret P@ssw0rd protecting your sensitive data will be leaked!

With an appropriate hashing strategy we can prevent hackers from accessing passwords, even after a data breach has occurred. I will outline some of the flawed approaches to password storage, then I will describe how you should really do it. (Or watch this video from the excellent YouTube channel Computerphile....