How to create a strong and secure password

25-08-2021

Nowadays, the Internet is our reality. We store countless quantities of data, money and memories on it, which is why network security matters so much. In the crypto market, security is even more important, and you need to be cautious and very vigilant: we are seeing a high number of break-ins and hearing about data leaks and various types of attacks. Over the years the exchange has existed, we have observed several basic mistakes that Internet users make. The password is the basic element, and we usually create it so that it is easy to remember; however, the simpler and more popular it is, the easier it is to break. The second issue is protecting such data adequately: it is best not to write passwords down anywhere, but to keep them in your memory. The third is to have separate passwords for different platforms; try to use a different one for each account. For more information on creating passwords and on password-breaking methods, see the article below. We encourage you to read it and put the tips into practice to stay safe online.

Uniqueness of passwords

As the methods used by hackers show, it is indeed important to have a unique password for each service. Reusing a password across accounts is risky: if someone learned the password to one of your accounts, they could also gain access to your e-mail, your address, your funds and any other sensitive data, not to mention the account itself.

Data leaks

If login details leak from any service, criminals collect the e-mail addresses or logins. Then, using the methods described in this article, they break the simple passwords and check whether the same credentials work for other services or for the e-mail account. If they do, the criminal gains access to your accounts or, even worse, to your e-mail account. An attacker with access to your e-mail account can take over almost every account on other sites linked to that address: all they have to do is click "forgot password" on the chosen service, enter the corresponding e-mail address and follow the password reset instructions sent to the mailbox they control. This is why on BitBay password reminders are secured by providing a login rather than an e-mail address. How can you check whether your data has been leaked? You can do so at https://haveibeenpwned.com

Password strength

Passwords should be complex enough that they are not easy to guess or break. The strength of a password is determined by its length (the longer, the better) and by its use of upper- and lower-case letters, digits and special characters (e.g. @, %, !). So how can you remember a unique password for every account? Password managers solve this problem: they are applications that store your passwords securely. There are many solutions on the market, storing passwords either online or as a file on your device.

If you do not want to use a password manager (which we do encourage), remember that your password should not be a keyboard pattern (e.g. qwerty, 12345890), should not contain your username or part of your e-mail address, should not contain your name, and should not appear on the list of the most popular passwords used on websites. You can check the most popular passwords on Wikipedia. The best way to create strong passwords is to generate them with the right tools; random password generators are built into most password managers.

How do criminals break our passwords?

Finally, we will look at how hackers are most likely to get hold of our passwords, and thus show you what to look out for when creating a password and why strong security is important.

What is a password hash and what does it have to do with our password? To understand how passwords are broken, it is first necessary to know some basic concepts. According to good practice, users' passwords should be stored in the form of so-called hashes. A password hash is the result of a selected hash function into which we enter the password of a given user. The resulting hash has several characteristic features:

• Each hash has the same length, no matter how long the user's password is. It does not matter whether a password consists of 4 characters or 4,000 characters; its hash will always have the same number of characters, so looking at the hash alone it is not possible to deduce how many characters the password consists of.

• Hash functions produce completely different results from a small change in the input data. Example:

mom.dad → 338f354315fab5214b55cb71d56da1eee6a03c49a39f26cfcf1c15c739d3e39d
mom,dad → 9b802e3e2497b4eb86e18ffab299d2da945bc8fa7907f156b6b38806f15a13a0

Even a small difference in the input data is therefore very easy to recognise.

• Hash functions are one-way functions, i.e. we cannot recover a password from its hash. However, there are methods to guess a password by knowing its hash. Here are three ways to carry out such an operation.
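As an added illustration (not part of the original article), the following Python script checks the three properties above with SHA-256, which is assumed here as the hash function because the article does not name one; the 4-character and 4,000-character inputs and the login check are constructed for the demo.

```python
import hashlib
import hmac


def password_hash(password: str) -> str:
    """Hex digest of SHA-256 over the password's UTF-8 bytes.
    SHA-256 is an assumption for this demo; the article does not name its hash function."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def digest_lengths(passwords) -> set:
    """Distinct digest lengths for a list of passwords; a fixed-length hash yields one value."""
    return {len(password_hash(p)) for p in passwords}


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Number of bit positions in which two equal-length hex digests differ."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def verify_password(candidate: str, stored_hash: str) -> bool:
    """Login check: recompute the hash of the typed password and compare it
    in constant time; the stored hash never has to be reversed."""
    return hmac.compare_digest(password_hash(candidate), stored_hash)


if __name__ == "__main__":
    # Constructed inputs: a 4-character and a 4,000-character password give the same length.
    print(digest_lengths(["abcd", "x" * 4000]))  # {64}
    a, b = password_hash("mom.dad"), password_hash("mom,dad")
    # One changed character flips roughly half of the 256 digest bits.
    print(a, b, differing_bits(a, b), sep="\n")
    print(verify_password("mom.dad", a), verify_password("mom,dad", a))  # True False
```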

Generating hashes from every possible combination of characters

In this case, the longer the password, the more time is required to break it: the hacker has to check more combinations, which definitely makes the task more difficult.

Dictionary method

This method involves building candidate passwords from dictionary words, passwords extracted from leaks, and common variations of both. For example, it is common practice to check words with "a" replaced by "@", with the first letter changed from lower case to upper case, or with "1" or "!" added at the end.

Rainbow Table attack

An attack that looks the hash up in a database of already known, precomputed hashes of popular passwords.
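The article's rules (no keyboard patterns, no username or e-mail fragment, no popular password or the simple variations a dictionary attack tries, and enough length and character variety to make exhaustive search expensive) can be turned into a checker. This Python example is added here and is not BitBay's code; the popular-password sample, the keyboard-pattern list and the 60-bit floor are assumptions made for the demo.

```python
import math
import string

# Constructed sample of a "most popular passwords" list (assumption: a real check
# would load a full list such as the one the article points to on Wikipedia).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "monkey", "dragon"}
KEYBOARD_PATTERNS = ("qwerty", "asdfgh", "zxcvbn", "1234567890", "12345890")


def dictionary_variants(word: str) -> set:
    """All combinations of the substitutions the article describes: 'a' -> '@',
    first letter upper-cased, and '1' or '!' appended."""
    variants = {word}
    for transform in (lambda w: w.replace("a", "@"),
                      lambda w: w[:1].upper() + w[1:],
                      lambda w: w + "1",
                      lambda w: w + "!"):
        variants |= {transform(v) for v in variants}
    return variants


def brute_force_bits(password: str) -> float:
    """log2 of the number of candidates an exhaustive search over the password's
    length and character classes must consider; longer and more varied means more."""
    charset = 0
    if any(c.islower() for c in password):
        charset += 26
    if any(c.isupper() for c in password):
        charset += 26
    if any(c.isdigit() for c in password):
        charset += 10
    if any(c in string.punctuation for c in password):
        charset += len(string.punctuation)
    return len(password) * math.log2(charset) if charset else 0.0


def password_problems(password: str, username: str, email: str) -> list:
    """Return the article's rules that the password violates (empty list = none)."""
    problems, lowered = [], password.lower()
    if any(pattern in lowered for pattern in KEYBOARD_PATTERNS):
        problems.append("contains a keyboard pattern")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    local_part = email.split("@")[0].lower()
    if local_part and local_part in lowered:
        problems.append("contains part of the e-mail address")
    if any(password in dictionary_variants(w) for w in COMMON_PASSWORDS):
        problems.append("is a popular password or a simple variation of one")
    if brute_force_bits(password) < 60:  # 60-bit floor is an assumption for this demo
        problems.append("too short or too few character classes to resist brute force")
    return problems


if __name__ == "__main__":
    for pw in ("P@ssword1", "qwerty123", "Tq7#vL9m!xRw2Bp"):
        print(pw, password_problems(pw, "alice", "alice@example.com"))
```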