Password management best practices are typically aimed at the user, but businesses play a large and extremely important role in protecting user account data, and that includes employing database security fundamentals to lock down passwords and email addresses, according to security experts.
That doesn’t mean adding salt to a strong hashing algorithm, according to Josh Shaul, chief technology officer of Application Security Inc.
Although salting would help, passwords protected by MD5 and SHA can be cracked by a determined cybercriminal in a few minutes or hours, Shaul said. Instead, the right approach is to add reliable database protections to keep unwanted visitors out of the database in the first place, he said.