“Change your passwords now. Like, every password you use on every website you have ever visited.” You may have heard this advice from tech publications and mainstream rags after password leaks were discovered at LinkedIn, eHarmony and Last.fm. It is a good idea to change passwords at least a couple of times a year anyway. But the problem does not lie solely with the users. It also lies with the way companies approach password security.
Since the leaks were revealed, tech pundits have been feigning outrage over LinkedIn’s subpar salting and hashing of passwords. In fact, LinkedIn did not salt passwords at all. For the sake of clarity, let’s define what those terms actually mean.