14 DAY TRIAL // Theoretically, any password can be cracked, but the mechanisms of cracking them depend on the type of password and its strength. The high number of hacker attacks increased the need of web site protection in order to control the unauthorized access to certain information. For example, the entire web site or only a part of it could have restricted access, being available only to registered users through login forms or authentication systems.
The user's login details, (user name and password) are usually stored in a database. Database administrators should ensure the best database security in order to maintain users' login information far away from hackers. The most common attacks begin from web forms, that will allow a hacker to gain control over an entire database of passwords. For example, imagine what would happen if someone got hold of your internet banking account details, alongside with other users' login details.
The mostly used web applications are made with PHP and MySQL database as backend. In order to protect passwords stored in a MySQL database there are a few tips that could increase the overall security of your web site. If you design login forms that collect user details in a MySQL database, you must not store the passwords in plain text. They must be encrypted using any available algorithms, such as MD5, which is supported by MySQL. MD5 is a one way encryption algorithm, meaning that the plain text version of the password cannot be recovered even if someone cracks the administrator access password to the MySQL database.
The root password must be changed from the first login as database administrator, because in most of MySQL distribution, the root user has all the privileges granted and has no password assigned. You can also manage access to the MySQL server by changing the MySQL configuration file. The type of password is also important. You should require your users to define strong passwords, which are usually made of 12-14 characters and contain letters and numbers. You can do this by implementing a password strength validation script in the form processing mechanism. There are not universal rules that will guarantee a full protection of passwords stored in databases, but the form processing is also important, due to the fact that most databases attacks look for the processing mechanism's nature in the first place.