An internal web application stores user passwords in cleartext. What is the MOST appropriate action to mitigate this risk?

Multiple Choice

Explanation:
When passwords are stored securely, they should be transformed into something non-reversible that protects them even if the database is accessed by an attacker. Using a unique salt per password and hashing with a modern, slow algorithm (like bcrypt, scrypt, or Argon2) achieves this. The salt ensures that identical passwords become different hashes and prevents precomputed rainbow-table attacks, while the slow hashing makes brute-forcing impractical.

Storing with symmetric encryption and a master key is not ideal because it’s reversible: if the key is compromised, all passwords can be recovered. Hashing without a salt allows attackers to use precomputed tables and see identical hashes for the same passwords. Keeping passwords in cleartext behind a firewall offers no real protection if the database is breached. Therefore, the best mitigation is to store salted hashes using a strong, adaptive hashing method.
