You may also want to learn linux, PHP and SQL if you are going to do any website work as well as learning how to setup and secure a webserver such as
Apache which can be more complex than you think along with security plugins (mods), also C++ and even HTML5 may be useful, you could even rent a dedicated server or even a very cheap virtual private server to learn on. I once protected a very badly coded website from hacking and sabotage attempts, I was thrown in at the deep end which although not always ideal is often the fastest way to learn. You also have to learn how to hack in order to learn how to defend against it, obviously you never hack anything yourself without permission as this is a criminal offence in most countries these days, but you can still learn about it along with ways to defend against it, you can also attempt to hack your own system to test your security. Cybersecurity is something you have to keep up to date with however as hackers discover new vulnerabilities all the time.
When storing passwords they should never ever be stored as plain text, but you'll be surprised how many servers still do this and how many
database / password leaks there are (a large proportion of people on the Internet will find that they've been pwned by checking their email or username on the site I've just linked to). The current recognised method for "storing" passwords is
bcrypt, well in fact they're not really stored at all (they are hashed). An algorithm is then run after a person types in their password and the result is then compared with a code stored in the database. The stored data however cannot be converted back into passwords and even the sysop couldn't tell you someone's password if they didn't know it. That said if people use weak passwords brute force and dictionary attacks can be used to crack them (if you are running a website it's best to have a decent
captcha system to help prevent brute force / dictionary attack bots Etc. and there are various other defensive methods which I could literally write a good few pages about if I wanted), this risk can be reduced by enforcing strong password security parameters when people sign up to a site. Another method for obtaining people's passwords is from other leaks which I mentioned earlier, but it's common for a person to use the same password on multiple sites which a hacker could test (they will often use a bot to do this with masses of users). Once I found that a number of accounts on a site were being compromised after usernames and passwords were leaked from another website that I didn't administer, I then uploaded the leaked database to the server and blocked any member username / password combination found on this database from logging in, forcing them to re-verify their email address and change their password to something more secure.
Please see the following video, if everyone watched this a lot more people would use much stronger passwords:
Edit: Note that lots of sites still use non recommended MD5 password hashes at the time of writing that used to be considered secure, so everyone should ensure that their online passwords are very strong and unique, a password like kTu7w^huq#SI!V^VP3sJ would be close to impossible to crack for the foreseeable future even if hashed using MD5. Using a password manager such as
LastPass or
KeePass can help generate strong unique passwords such as this one and keep track of them, but make sure your master password is super strong too.
All this is just one subject regarding cyber security. Another is vulnerable code, bad PHP coding can be vulnerable to
SQL injection attacks for instance.
