How can we defend against social engineering database hacker attacks?

When it comes to social engineering libraries, the data is becoming increasingly large and detailed, and the threat level is increasing. Among them, the most threatening is the password library, which is also the largest and has the widest impact. The main sources of the password library will not be mentioned. Various types of database theft ......The password format is mainly divided into the following types:The first is the unencrypted plaintext password, which has the highest threat level. (I have to say how powerful this site stores plaintext passwords! Even more sadly, there are many such sites !!) The other is encrypted ciphertext, and the threat level depends on the encryption level. The third type is to decrypt password ciphertext at a low cost, such as MD5 only once, and other low-intensity encryption algorithms, with the highest level of threat. The ciphertext cannot be decrypted. The situation is better, and there is no major impact for the time being. However, the costs of plain text and deciphering are very low, so we don't want to use them anymore. Everyone knows. How to defend against such attacks is aimed at leaked plaintext passwords.Currently, there are roughly two defense methods:1. Use your own "abstract password memory solution", which is equivalent to a "password algorithm" of your own, a string that only you know what it means, such as nuyo0w, a variant of the string WooYun, to a certain extent, attackers are at a loss. But for senior hackers, the password pattern may still be guessed. The most important thing is that it is still plain text! (Better yet, separate important passwords from General cryptographic algorithms) Disadvantages: Increase the memory cost. If multiple passwords are used, they will be messy and cannot prevent high-level hacker guesses. 2. Non-memory password solution, that is, a password processing tool such as the password generator and key manager needs to provide an original password and salt to generate an irregular High-strength "plaintext" password, even if a website exposes this "plaintext" password, hackers cannot perform any other purposes except this website, and cannot guess the password rules, making the social engineering library completely meaningless. Advantage: it is useless to crack the program algorithm because the original key or salt needs to be provided (protecting your original key from appearing anywhere). Otherwise, the ciphertext cannot be generated and the intensity is extremely high !!! Disadvantages: ease of use is relatively poor, because an encryption program is required at any time (it may be better to make a Web online version). If not, you cannot log on to your account.