Flask framework, ~5 mins

Password storage best practices in Flask - Cheat Sheet & Quick Revision

Recall & Review
beginner
Why should passwords never be stored in plain text?
Storing passwords in plain text is dangerous because if the database is hacked, attackers get direct access to user passwords. This can lead to account theft and further security breaches.
beginner
What is hashing in the context of password storage?
Hashing is a one-way process that converts a password into a fixed-length string of characters. It is designed so you cannot reverse it to get the original password, making it safer to store.
intermediate
What role does a salt play in password hashing?
A salt is a random string added to a password before hashing. It ensures that even if two users have the same password, their hashes will be different, protecting against attacks using precomputed tables.
beginner
Which Python library is recommended for secure password hashing in Flask?
The werkzeug.security module is recommended in Flask. It provides the functions generate_password_hash() and check_password_hash() to safely hash and verify passwords.
intermediate
Why is using a slow hashing algorithm important for password storage?
Slow hashing algorithms make it harder for attackers to try many password guesses quickly. This reduces the risk of brute-force attacks and improves security.
Which of the following is the safest way to store passwords in a Flask app?
A. Hash passwords using SHA-1 without salt
B. Use werkzeug.security's generate_password_hash with salt
C. Store passwords as plain text in the database
D. Encrypt passwords with reversible encryption

What does adding a salt to a password hash prevent?
A. Rainbow table attacks
B. Password length issues
C. Password reuse by users
D. Database connection errors

Which function in Flask's Werkzeug library checks if a password matches its hash?
A. verify_password()
B. validate_password()
C. check_password_hash()
D. compare_hash()

Why should password hashing algorithms be slow?
A. To make brute-force attacks slower
B. To save server resources
C. To speed up user login
D. To reduce password length

What is a common hashing algorithm used by generate_password_hash in Flask?
A. MD5
B. SHA-256
C. Base64
D. PBKDF2
Explain the steps you would take to securely store user passwords in a Flask application.
Think about how to protect passwords from attackers if the database is leaked.

Describe why salting passwords is important and how it improves security.
Consider what happens if two users have the same password.