In a comprehensive study by Kaspersky (www.Kaspersky.co.za), experts assessed the resistance of 193 million English passwords, compromised by infostealers and available on the darknet, to brute force and smart guessing attacks. The results were alarming: 45% of the analyzed passwords (87 million) could be guessed by scammers within a minute. Only 23% (44 million) were robust enough to withstand cracking attempts for more than a year.
According to the research (http://apo-opa.co/4cbmMOk), Kaspersky’s telemetry indicated over 32 million attempts to attack users with password stealers in 2023 alone, highlighting the urgent need for stronger digital hygiene and timely password policies.
Key Findings:
– 45% (87M) of passwords can be cracked in under a minute.
– 14% (27M) can be cracked within an hour.
– 8% (15M) can be cracked within a day.
– 6% (12M) can be cracked within a month.
– 4% (8M) can be cracked within a year.
– Only 23% (44M) are resilient for over a year.
The study revealed that 57% of the passwords contained dictionary words, significantly reducing their strength. Common patterns included:
– Names: “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”.
– Popular Words: “forever”, “love”, “google”, “hacker”, “gamer”.
– Standard Passwords: “password”, “qwerty12345”, “admin”, “12345”, “team”.
Alarmingly, only 19% of passwords exhibited signs of strength, such as a mix of lowercase and uppercase letters, numbers, and symbols. Even among these, 39% could be guessed in under an hour using smart algorithms.
Password Cracking Insights:
– A powerful laptop processor can crack an 8-character password of lowercase letters or digits in just 7 minutes using brute force.
– Modern video cards can accomplish the same task in 17 seconds.
– Smart algorithms consider character replacements (e.g., “e” with “3”, “1” with “!” or “a” with “@”) and common sequences (“qwerty”, “12345”, “asdfg”).
Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky, stated, “Humans tend to create ‘human’ passwords, often using dictionary words, names, and numbers. Even seemingly strong combinations are rarely completely random and can be guessed by algorithms. The most reliable solution is to generate a completely random password using modern and reliable password managers like Kaspersky Password Manager.”
Tips for Stronger Passwords:
1. Use Unique Passwords: Each service should have a different password to prevent widespread breaches.
2. Create Passphrases: Use unexpected words arranged in unusual orders.
3. Avoid Personal Information: Don’t use easily guessable information like birthdays or family names.
4. Use Password Managers: Memorize one master password with tools like Kaspersky Password Manager (http://apo-opa.co/3XuZDlm).
5. Enable Two-Factor Authentication (2FA): Adds an extra layer of security.
6. Use Reliable Security Solutions: Products like Kaspersky Premium (http://apo-opa.co/4cbAC3o) offer enhanced protection by monitoring the Internet and Dark Web for password vulnerabilities.
The study underscores the critical importance of adopting strong password practices and leveraging modern security solutions to protect against increasingly sophisticated cyber threats.
