By Ryan McBride in cybersecurity

Myth of the "Trash Can"

Let’s be honest: you probably have at least one terrible password that you reuse everywhere. And if you’ve ever clicked "Forgot Password" and the website actually emailed you your exact password back, you should probably delete that account immediately.

Why? Because if a website knows your actual password, that means a hacker who breaks into their system will know it, too.

Welcome to the hidden world of cybersecurity. Every time you log in, send a text, or even just empty the trash bin on your laptop, a massive invisible war of mathematics is happening behind the scenes. Here is the ultimate cheat sheet on how your data actually stays safe online—and why passwords are about to go extinct.

The Meat Grinder: Hashing and Salting
Good websites never save your actual password. Instead, they use a one-way math trick called hashing.

Think of a hash function like a meat grinder. You put a password (like "apple") into the grinder, and it spits out a long, random-looking string of letters and numbers (the hash). You can’t put the hamburger back into the grinder and get the cow back. It’s irreversible. When you log in, the server just hashes what you typed and checks if it matches the hash they have on file.

But there’s a flaw. If you and your best friend both use the password "apple," your hashes will look exactly the same. Hackers know this and use massive cheat sheets called "rainbow tables" to guess passwords instantly.

To fix this, cybersecurity pros use salting. Before hashing your password, the system sprinkles a few random letters and numbers (the "salt") onto it. Now, even if a million people use the password "apple," every single one gets a completely unique hash.
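Here is the "apple" scenario in code, as an added example that is not from the original article. It assumes Node.js and its built-in crypto module; SHA-256 for the unsalted case and scrypt for the salted case are choices made for this example, and the function names are hypothetical.

```javascript
const { createHash, randomBytes, scryptSync, timingSafeEqual } = require('node:crypto');

// Unsalted: the same password always yields the same hash, so one
// precomputed table cracks every account that shares that password.
function unsaltedHash(password) {
  return createHash('sha256').update(password).digest('hex');
}

// Salted: a fresh random salt per account goes into the hash with the
// password. scrypt is deliberately slow, which makes guessing expensive.
function hashPassword(password) {
  const salt = randomBytes(16);
  const hash = scryptSync(password, salt, 32);
  // The salt is not a secret; it is stored next to the hash.
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

// Login: re-hash the attempt with the stored salt, then compare in
// constant time so response timing does not reveal partial matches.
function verifyPassword(attempt, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = scryptSync(attempt, Buffer.from(saltHex, 'hex'), expected.length);
  return timingSafeEqual(actual, expected);
}

// Constructed sample: you and your friend both choose "apple".
function demo() {
  const you = hashPassword('apple');
  const friend = hashPassword('apple');
  return {
    unsaltedMatch: unsaltedHash('apple') === unsaltedHash('apple'),
    saltedMatch: you === friend,
    correctLogin: verifyPassword('apple', you),
    wrongLogin: verifyPassword('apples', you),
  };
}

console.log(demo());
```

The server never stores "apple" itself, only the salt and the hash, which is why it cannot email the password back.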

The Ultimate Secret Code: Encryption
Hashing is great for passwords because it’s a one-way street. But what if you want to send a secret text message to a friend? You need to be able to unscramble it. That’s where encryption comes in.

The old-school way to do this is Symmetric Encryption. You and your friend share a secret key. You use the key to scramble the message, and they use the exact same key to unscramble it. The problem? How do you securely give your friend the key over the internet without a hacker intercepting it? It’s a classic chicken-and-egg problem.

The mind-blowing solution is Asymmetric Encryption (or Public Key Cryptography). Instead of one key, you get two:
A Public Key: You can share this with the entire world. Think of it like an open padlock.
A Private Key: You keep this totally secret on your device. It’s the only thing that can unlock the padlock.

If your friend wants to send you a secret, they lock it with your Public Key. Even if a hacker intercepts it, they can’t read it. Only you can unlock it using your Private Key. Problem solved!

Say Goodbye to Passwords
What if we run that public/private key math backward? If you lock a document with your Private Key, anyone can unlock it with your Public Key. But wait—if anyone can unlock it, it’s not a secret anymore, right?

True, but it proves something incredibly valuable: Identity. Since you are the only person on earth with your Private Key, if your Public Key unlocks the message, it proves you were the one who sent it. This is called a Digital Signature.

This exact concept is what will finally kill the password. Tech companies are currently rolling out Passkeys. Soon, instead of creating a password, your phone will just generate a hidden key pair. When you want to log in, the website sends a math puzzle. Your phone uses FaceID or your fingerprint to unlock your Private Key, signs the puzzle, and sends it back. You log in instantly. No passwords to remember, and nothing for hackers to steal.
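The puzzle-signing login described above, as an added example that is not from the original article. It assumes Node.js with Ed25519 keys and models only the challenge-and-signature step; the `createPasskey` and `Website` names are hypothetical, and the biometric unlock is left out.

```javascript
const { generateKeyPairSync, randomBytes, sign, verify } = require('node:crypto');

// Device side: the private key is created on the device and never leaves it.
function createPasskey() {
  const { publicKey, privateKey } = generateKeyPairSync('ed25519');
  const signPuzzle = (challenge) => sign(null, challenge, privateKey);
  return { publicKey, signPuzzle }; // the private key stays inside the closure
}

// Website side: stores only the public key and hands out one-time puzzles.
class Website {
  constructor(publicKey) {
    this.publicKey = publicKey;
    this.pending = new Set();
  }
  newChallenge() {
    const challenge = randomBytes(32); // fresh and unpredictable per login
    this.pending.add(challenge.toString('hex'));
    return challenge;
  }
  login(challenge, signature) {
    // Each puzzle is accepted once, so a captured answer cannot be replayed.
    if (!this.pending.delete(challenge.toString('hex'))) return false;
    return verify(null, challenge, this.publicKey, signature);
  }
}

// Constructed scenario: a genuine login, a replay, a wrong device,
// and an old signature offered for a new puzzle.
function demo() {
  const phone = createPasskey();
  const site = new Website(phone.publicKey);

  const c1 = site.newChallenge();
  const s1 = phone.signPuzzle(c1);
  const genuine = site.login(c1, s1);
  const replayed = site.login(c1, s1);

  const otherPhone = createPasskey();
  const c2 = site.newChallenge();
  const wrongDevice = site.login(c2, otherPhone.signPuzzle(c2));

  const c3 = site.newChallenge();
  const staleAnswer = site.login(c3, s1);
  return { genuine, replayed, wrongDevice, staleAnswer };
}

console.log(demo());
```

A breach of the website's database exposes only public keys, which cannot sign a puzzle.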

The Myth of the Trash Can
Securing data isn't just about sending messages; it's also about what happens on your physical devices.

Here is a shocking truth: Emptying the "Trash" or "Recycle Bin" on your computer does not delete your files.

When you empty the trash, your computer is basically just ripping the table of contents out of a book. The chapters are still there; the computer just tells the system, "Hey, feel free to write over these pages whenever you need space." Until that space gets overwritten by a new downloaded file or app, a hacker can easily recover your "deleted" photos and documents.

To actually protect your stuff, you need Full-Disk Encryption. This scrambles your entire hard drive when your computer is asleep or powered off. If someone steals your laptop from a coffee shop, they can't access your files. Without your password to unscramble the drive, your data just looks like endless, random garbage.

The Final Boss: Quantum Computers
Right now, all of this security relies on the fact that the math is just too hard for modern computers to crack. A hacker could spend a million years trying to guess your private key and still fail.

But there is a ticking clock: Quantum Computers. While normal computers think in "bits" (1s and 0s), quantum computers use "qubits," which can be a 1 and a 0 at the exact same time. This allows them to work through certain massive, complex calculations exponentially faster than anything we have today.

If a hacker gets a working quantum computer before we update our cybersecurity, they could crack the internet's math instantly. Luckily, the world’s smartest people are already working on quantum-proof encryption.

The internet is basically an endless game of cat and mouse. Hackers figure out a trick, and computer scientists invent new math to stop them. But as long as you use passkeys, turn on device encryption, and stop reusing the word "password123", you'll be well ahead of the game.