
What is actually... Password Best Practice
Whether social media, music and video platforms or online shops: with many internet services, creating an account brings real advantages. Registration is usually quick. You enter your e-mail address and the password you have already used for your last five accounts. But at a time when "cybercrime" and "data theft" have become everyday words, accounts secured this way, and the private data behind them, are more exposed than ever.
Why should you use a secure password?
In most cases, users' account data, and passwords in particular, are not stored in plain text in the database. Instead, when an account is created or a password is checked, most providers run the password through a hashing function, which maps a password of any length to a value of fixed length; only that value is stored and compared. A hash function is a one-way function: the plaintext password cannot be derived from the stored value. In the event of data theft, the stolen hash values should therefore be worthless to the attacker.
At least that is the theory; in practice there are ways around this mathematical protection. One of them is the use of so-called "rainbow tables". Behind the colourful name is a precomputed table that maps hash values back to millions of known plaintext passwords, drawn from dictionaries and from passwords stolen in earlier breaches. If a user has chosen a password that appears in such a table, its hash is simply looked up and the password is recovered within seconds. Rainbow tables only work against hashes stored without a salt: when each password is hashed together with a random per-user value, no precomputed table matches, which is why proper password storage always salts.
Another very popular attack combines a wordlist with a so-called "brute-force attack", usually called a rule-based dictionary attack. Here, known plaintext passwords, the same ones that sit behind a rainbow table, are "mutated" according to rules such as capitalising the first letter, swapping letters for similar-looking digits or appending a year. In this way, passwords that are only partially contained in the wordlist can also be guessed (e.g. a name followed by a date of birth). Each generated candidate only has to be hashed before being compared against the stolen database. This takes more time than a pure lookup, but it is very effective against "simple" passwords of low complexity.
A method used even less often today is the pure "brute-force attack": every possible combination of characters is tried in sequence until a hash matches. Because the search space grows exponentially with length, it is mainly used where the password is known to be short or where constraints are known (e.g. a maximum number of characters or the absence of special characters), since those constraints shrink the space the attacker has to cover.
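The three attacks above, as an added example that is not code from the original article: an unsalted lookup table cracks a known password instantly, rule-based mutation catches a variant that is not in the wordlist, and a salted, deliberately slow hash makes the same table useless. The wordlist and the mangling rules are constructed for this example; the slow hash uses PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for argon2id or bcrypt.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample wordlist standing in for plaintext passwords leaked in
# earlier breaches (hypothetical, for this example only).
LEAKED_WORDS = ["password", "summer", "hamburg", "ameisen", "qwerty"]

# Mangling rules are assumptions modelled on typical cracker rule files.
YEARS = [str(y) for y in range(2015, 2026)]
SUFFIXES = [""] + YEARS + ["1", "123", "!"]
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: fast and salt-free, exactly what a lookup table defeats."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words) -> dict:
    """Precompute hash -> plaintext for every known password.

    A real rainbow table stores hash chains instead of every pair to save
    space, but the attacker's query is the same: hash in, plaintext out.
    """
    return {fast_hash(w): w for w in words}


def crack_with_table(target_hash: str, table: dict):
    """Single dictionary lookup: the 'within seconds' attack from the text."""
    return table.get(target_hash)


def mutate(word: str) -> set:
    """Rule-based mangling of one wordlist entry (case, leetspeak, suffixes)."""
    bases = {word, word.capitalize(), word.upper()}
    variants = bases | {b.translate(LEET) for b in bases}
    out = set()
    for v in variants:
        for s in SUFFIXES:
            out.add(v + s)
            out.add(v + s + "!")
    return out


def crack_with_rules(target_hash: str, words):
    """Dictionary plus rules: hash every mutated candidate and compare."""
    for w in words:
        for candidate in mutate(w):
            if fast_hash(candidate) == target_hash:
                return candidate
    return None


def slow_salted_hash(password: str, salt: Optional[bytes] = None,
                     iterations: int = 600_000) -> str:
    """Salted, deliberately slow hash (PBKDF2-HMAC-SHA256 from the stdlib).

    The random per-user salt makes every precomputed table useless, and the
    iteration count makes each attacker guess cost 600,000 hashes, not one.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{salt.hex()}${iterations}${digest.hex()}"


def verify_slow(password: str, stored: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, iterations, _ = stored.split("$")
    recomputed = slow_salted_hash(password, bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(recomputed, stored)


if __name__ == "__main__":
    table = build_lookup_table(LEAKED_WORDS)
    print("lookup:", crack_with_table(fast_hash("hamburg"), table))
    print("rules: ", crack_with_rules(fast_hash("Summer2019!"), LEAKED_WORDS))
    stored = slow_salted_hash("hamburg")
    print("salted digest in table?", stored.split("$")[-1] in table)
    print("verify:", verify_slow("hamburg", stored))
```

The salt does not need to be secret; it only has to be random and per user, so storing it next to the digest is correct. The random password from the end of this article survives the rule-based pass because none of its substrings is a dictionary word that the rules could expand.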
What is a secure password?
To avoid the scenario described above, use a new and preferably unique password for every account. Avoid "simple" passwords such as names, dictionary words or popular combinations (e.g. "password123"). Such passwords are easy to remember, but, as so often in IT security, you have to choose between convenience and security. A unique password per account also limits the damage of a breach: a password stolen from one service cannot be replayed against the others.
The reason some online services require upper- and lower-case letters, digits and special characters is the resulting search space. Every additional character class enlarges the alphabet an attacker has to try at each position, so guessing a 16-character password drawn from all character types by brute force takes far longer than guessing a password of the same length that uses only upper- and lower-case letters.
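To put figures on that comparison, an added example that is not part of the original article: it derives the brute-force search space from a password's character classes and the worst-case time to exhaust it. The two guess rates are assumptions chosen to represent a GPU rig attacking a fast unsalted hash and a tuned slow hash; the special-character class is Python's 32 ASCII punctuation characters, so the full alphabet here is 94 rather than 95.

```python
import math
import string

# Character classes an attacker's brute-force search must cover once it is
# known (or assumed) that they occur in the password.
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digits": string.digits,           # 10
    "special": string.punctuation,     # 32
}

# Assumed guess rates (not from the article): a GPU rig against a fast,
# unsalted hash such as SHA-256, versus a tuned slow hash such as argon2/bcrypt.
FAST_HASH_RATE = 1e11   # guesses per second
SLOW_HASH_RATE = 1e4


def alphabet_size(password: str) -> int:
    """Alphabet the attacker must try per position: union of the classes present."""
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def keyspace(alphabet: int, length: int) -> int:
    """Number of candidates for a fully random password of this alphabet and length."""
    return alphabet ** length


def entropy_bits(password: str) -> float:
    """Brute-force entropy of a random password with the same classes and length."""
    return len(password) * math.log2(alphabet_size(password))


def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try the whole space (the average is half of this)."""
    return space / guesses_per_second


def human(seconds: float) -> str:
    """Rough, readable duration for the printed table."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def compare(length: int, alphabets=(52, 94)) -> dict:
    """Exhaustion time per alphabet size at the fast and the slow guess rate."""
    return {
        a: (seconds_to_exhaust(keyspace(a, length), FAST_HASH_RATE),
            seconds_to_exhaust(keyspace(a, length), SLOW_HASH_RATE))
        for a in alphabets
    }


if __name__ == "__main__":
    for length in (8, 12, 16):
        for alphabet, (fast, slow) in compare(length).items():
            print(f"{length:2d} chars, alphabet {alphabet}: "
                  f"fast hash {human(fast):>22}   slow hash {human(slow):>22}")
    print(f"article example: {entropy_bits('!HAMl2AdwnAU5r'):.1f} bits")
```

At the assumed fast rate, the whole 8-character, 94-symbol space falls in under a day, while 16 letters-only characters already take millions of years; length buys more than the extra character classes do, and a slow salted hash buys another factor of ten million.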
An 8-character password of pseudo-random characters was long regarded as secure; against today's GPU-based cracking of fast, unsalted hashes it is safer to treat 12 or more characters as the minimum and to go longer wherever a service allows it. Length does not have to cost memorability, because there are methods for constructing a password that looks random but is easy to recall. For example, you can build it from a sentence. This is how the opening lines of Joachim Ringelnatz's poem "Die Ameisen" ("The Ants"),
"In Hamburg lived two ants
Who wanted to travel to Australia",
become the password
"!HAMl2AdwnAU5r"
This password fulfils all the recommended criteria and may even make you smile. (The letters are taken from the German original, "In Hamburg lebten zwei Ameisen, / Die wollten nach Australien reisen", so they do not line up with the English translation above.)