![Ruto’s Govt Opens 92 New Police Stations Nationwide Immediately [List]]( https://thekenyatimescdn-ese7d3e7ghdnbfa9.z01.azurefd.net/prodimages/uploads/2025/08/Police-IG-Kanja-2025-360x180.png "Ruto’s Govt Opens 92 New Police Stations Nationwide Immediately [List]")
In a bid to strengthen digital security across the country, the Kenyan government has released updated guidelines on how individuals, businesses, and institutions should store passwords and protect sensitive data.
These recommendations, announced by the government through the Directorate of Criminal Investigation (DCI), are part of the broader National Cybersecurity Strategy 2025–2029, which aims to make Kenya’s cyberspace safer, more resilient, and aligned with global standards.
Govt Issues New Cybersecurity Guidelines
Passwords are the first line of defense against cybercriminals, but weak or poorly stored passwords can be easily exploited, leading to data breaches, financial losses, and identity theft.
The government’s new guidelines state that storing passwords as plain text is dangerous and should be avoided at all costs.
Instead, the strategy recommends using advanced techniques to scramble and protect passwords.
These include:
- Hashing: Converts a password into a secret code that cannot be reversed.
- Salting: Adds a random value to each password before hashing to make it unique.
- Peppering: Adds an extra secret value known only to the server.
- Key Stretching: Slows down and complicates the scrambling process.
These methods make it extremely difficult for hackers to retrieve original passwords, even if they gain access to the database.
-
Hashing
Hashing is the process of turning a password into a secret code using a mathematical formula.
Once a password is hashed, it cannot be changed back to its original form.
This protects the password even if someone were to steal the database.
Example: mypassword123 becomes something like 5f4dcc3b5aa765d61d8327deb882cf99.
Even if hackers obtain this code, they can’t easily determine the actual password.
-
Salting
Salting adds a random value (called a “salt”) to each password before it is hashed.
This ensures that every password is unique, even if two people use the same password.
- Without salting: Two users with the same password (mypassword123) will have the same hash.
- With salting, each user’s password will have a unique hash due to the added salt.
This stops hackers from using pre-made lists of common password hashes (called “rainbow tables”).
-
Peppering
Peppering adds another secret value to the password before hashing, but this value is not stored in the database, as it is known only to the server or system.
To understand better, think of peppering as a hidden ingredient in a recipe.
Even if hackers steal the database, they won’t have the pepper, making it harder to crack the password.
Peppering works best when combined with hashing and salting.
-
Key Stretching
Key stretching makes the hashing process slower and more complex.
This helps protect against brute-force attacks, where hackers try millions of password guesses quickly.
Key stretching utilizes tools like PBKDF2, bcrypt, or scrypt, which repeat the hashing process multiple times, making it more difficult and time-consuming for hackers to guess passwords.
Even if a hacker has a powerful computer, key stretching slows them down.
Why Use All Four Together?
Using hashing, salting, peppering, and key stretching together creates a strong defense system.
Also Read: Ruto Announces Plans to Confer City Status on County in Mt. Kenya Region
Each method adds a layer of protection, making it extremely difficult for attackers to break into password databases.
Extra Safety Measures for Organizations
For businesses and government agencies, the new strategy outlines additional steps to secure password systems:
- Use strong password reset mechanisms.
- Keep detailed logs of who changes passwords and when.
- Follow privacy laws, such as the Data Protection Act 2019, and international standards, including the GDPR.
- Conduct regular audits and vulnerability assessments.
These measures are especially important for organizations that handle sensitive data, such as banks, hospitals, and government portals like eCitizen.
Emerging Threats in 2025
The government’s new cybersecurity strategy also addresses emerging threats, including AI-powered cyberattacks, deepfake scams, and ransomware-as-a-service.
Also Read: Ruto Issues Directive to All PSs on Program Granting Ksh50,000 to Kenyan Youth
These sophisticated attacks are becoming more common and harder to detect, and to counter them, the government encourages:
- Encrypting sensitive data.
- Using AI-driven security tools.
- Training staff to recognize phishing and social engineering tactics.
- Strengthening cloud security protocols.
The government concluded that successful implementation will require collaboration, education, and support, particularly for smaller organizations and everyday users.
Follow our WhatsApp Channel and X Account for real-time news updates.
