Sunday, October 6, 2024

Social Media Password Encryption Simplified

Social media password security is not a joke. After having my LinkedIn account hacked a week ago, I went full-mode on security protocols, enabling 2FA and ensuring that all log-ins on all my online accounts are monitored and sent to my email.

But this incident also made me re-examine cybersecurity, data protection and encryption. It made me realize how social media platforms are properly using these tools to protect their data and that of their users.

For those of you who spend more than half of your life online and maintain accounts on almost every platform, it’s important to understand how your social media platforms protect your data and your privacy. So, here are the simple basics of encryption. They will help you re-inspect your password security and be more aware of how to create stronger social media passwords. This is very important in an online world where hacking is real and a data breach is as real as your last heartbreak.


What is Encryption?

Encryption is turning readable data (called plaintext) into unreadable data (called ciphertext). This way, even if someone sees your data, they won’t be able to make sense of it without the key to unlock it. So, your plaintext social media password is turned into ciphertext when you enter it in a social media platform.

Here’s an easy way to think about encryption:

  • Plaintext: Your original password (e.g., "8%0409Pjk!").
  • Ciphertext: The encrypted version of your message (e.g., "XkP9!47z#1").
  • Key: The secret code used to turn the plaintext into ciphertext.

So, in the world of online encryption, there are many encryption processes that different social media platforms use to create ciphertext from your plain password. But what’s more important is for you to understand what the encryption process looks like and how social media platforms store your passwords. This is the most sensitive process, the one that can make or break your data protection. Creating the ciphertext, storing it along with the key, and retrieving both are where a data breach is most likely to happen.

The Process of Social Media Password Encryption

Once the program reads your plain text social media password, it encrypts it using a special recipe, called an encryption algorithm, and a secret key.

Here’s how the program turns the plaintext password into ciphertext:

  • The algorithm is a complex set of instructions that scrambles the password
  • The key is a secret code used to control how the password is scrambled.

So, if the algorithm is like a lock, the key is what turns the lock and scrambles your password. The output of this process is called ciphertext, which looks like random gibberish.

  • Example: If your plain text password is "MySecret123", after encryption it might look something like this: "4yQw7!zRp9$".
  • Ciphertext Password: This is the scrambled version of your password that no one can understand without the key.

Storing Your Social Media Password

Now that your password is encrypted, the program stores the ciphertext in a database or file. This way, even if someone breaks into the database and steals the passwords, all they’ll see is the gibberish ciphertext. The stored password would look like "4yQw7!zRp9$" instead of "MySecret123". No one, not even the program itself, can read the original password without the encryption key.

Retrieving your Password from the Storage

This is called decryption. It means using the key to turn the ciphertext back into your password. When you want to log back in to your account, the program needs to check if the password you entered matches the one stored in the database.

The process would be:

  1. You enter your password again, like "MySecret123".
  2. The program retrieves the stored ciphertext, "4yQw7!zRp9$".
  3. Using the same key that was used to encrypt the password, the program decrypts the ciphertext back into the original plain text password.
    • Decryption is like unlocking the scrambled message using the key.
  4. If the decrypted text matches the password you entered, the program knows it's the correct password.
  • Plaintext Password: "MySecret123" (original)
  • Ciphertext: "4yQw7!zRp9$" (stored in the database)
  • Decryption Key: The secret code that turns the gibberish back into "MySecret123".
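
The store-and-check steps above, as an added example that is not part of the original post: it uses a salted, deliberately slow one-way hash (PBKDF2-HMAC-SHA256 from Python's standard library), a widely used way to store passwords in which the login check recomputes the stored value from the entered password rather than decrypting it. Function names, field names and the work factor are assumptions of this example.

```python
# Added example (not from the original post); names and work factor are assumptions.
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor: every guess costs this many hash rounds


def store_password(password, iterations=ITERATIONS):
    """Build the record saved in the database: a random salt plus the derived hash."""
    salt = os.urandom(16)  # unique per account, so equal passwords give different records
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt.hex(), "iterations": iterations, "hash": digest.hex()}


def check_password(entered, record):
    """Recompute the hash from the entered password and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", entered.encode("utf-8"),
        bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


def needs_upgrade(record, iterations=ITERATIONS):
    """True when a stored record was created with a weaker work factor than today's."""
    return record["iterations"] < iterations


if __name__ == "__main__":
    rec = store_password("MySecret123")      # sample password from the text above
    print(rec)                               # what a database thief would see
    print(check_password("MySecret123", rec), check_password("mysecret123", rec))
```

Because the salt is random, two accounts with the same password produce different stored records, and the iteration count is what makes each brute-force guess expensive.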

Advanced Encryption Standard or AES

Now that you have a fair understanding of the encryption, storage and decryption process that social media platforms use for your passwords, it’s time to explain more about the key. Different algorithms use a key in different ways to encrypt or decrypt your social media password, so we need to go over that first for you to understand the encryption key.


There are standards and advanced systems of encryption/decryption available. One of the most powerful algorithms is Advanced Encryption Standard or AES.  How does it work?

  • Step 1: Break your message into pieces. AES splits the message into small chunks or blocks.
  • Step 2: Scramble each piece multiple times. AES scrambles each block of the message multiple times. These repetitions are called rounds.
  • Step 3: Use a secret code. AES uses a secret code, called a key, to control how it scrambles and unscrambles your data.

The AES Encryption process

  • AES uses an encryption key that is 128 bits, 192 bits, or 256 bits long. Bits are like tiny puzzle pieces. The longer the key, the harder it is to crack. So compared to a 128-bit key, a 256-bit key is harder to crack.
  • AES takes your data and divides it into chunks called blocks. Each block is 128 bits (which is just a way to measure the size). So, if your password is "MySecret123", AES breaks it into manageable pieces.
  • AES doesn’t scramble your data just once. It scrambles it multiple times using different transformations:
    • SubBytes: It replaces each byte (tiny piece of data) with another byte from a predefined table.
    • ShiftRows: It shifts the rows of the data, making it even more scrambled.
    • MixColumns: It mixes up the columns of data.
    • AddRoundKey: AES also adds a part of the key to make sure the scrambling is linked to the secret code.

The number of rounds depends on the key length. The stronger the key, the more rounds it goes through. So, using a 256-bit encryption key needs more rounds and takes longer to encrypt.

If My Social Media Passwords are Encrypted, Why Should I Worry?

Yes, social media platforms encrypt your passwords. But that doesn’t mean they are unbreakable. As you can see, algorithms follow set processes, and when someone is determined to break your password by trying every possible combination (a brute force attack), it is possible. In principle, no password is unbreakable; breaking it is just a matter of time. So, the technique? Create a social media password that is long enough and complex enough to make it hard for hackers to steal. According to Hive Systems, an 8-character password with a combination of uppercase and lowercase letters, numbers and symbols can be cracked in 7 years. No hacker in his right mind would even try to crack a password of this kind. He'll die trying.


But remember, this goes for social media passwords that do not form patterns like ABC or 123, or use common words like PASSWORD. Make your passwords hard to guess: avoiding patterned words, letters or numbers makes it harder for hackers to guess them. Use random and complex combinations. Also, most social media platforms provide 2FA and security questions. Enable these for additional protection.

Cybersecurity is a serious concern. Threats are everywhere, especially with how humans are using Artificial Intelligence to exploit loopholes in weak cybersecurity measures. Don't become the next victim of cybersecurity attacks. 

Remember, your social media password can be stolen and used to exploit and scam others. Don’t let it happen to you. Make your passwords hacker-proof: use the right combinations and length. Change them as often as possible.
