Sometimes it only takes a minute to crack a password (Kaspersky)

(KASPERSKY) – A study by Kaspersky experts reveals that almost half of passwords can be guessed by cybercriminals in less than a minute. The report's conclusions, drawn from 193 million passwords leaked on the Dark Web (largely harvested by infostealers) and tested against brute force and intelligent guessing algorithms, are telling.

According to the results of research conducted by Kaspersky experts, 45% of the analyzed passwords (87 million) can be guessed by cybercriminals within a minute. The researchers also identified the character combinations most frequently used when creating passwords. Only 23% of the combinations (44 million) proved resistant enough to thwart the fraudsters' attempts, meaning that cracking them would take more than a year.

Kaspersky telemetry data reveals that more than 32 million password stealer attack attempts targeted individuals in 2023, numbers that underscore the critical importance of good digital hygiene and having a proactive password strategy in place.

In June 2024, Kaspersky analyzed 193 million passwords found in the public domain on various Dark Web resources. The results indicate that the majority of passwords examined are not strong enough and can be easily compromised using smart algorithms.

The speed of password compromise is distributed as follows:

  • 45% (87 million) in less than a minute.
  • 14% (27 million) between 1 minute and 1 hour.
  • 8% (15 million) between 1 hour and 1 day.
  • 6% (12 million) between 1 day and 1 month.
  • 4% (8 million) between 1 month and 1 year.

Experts identified only 23% (44 million) of passwords as persistent, meaning they would take more than a year to compromise.

The majority of passwords examined (57%) contain a dictionary word, which significantly reduces the strength of a password. Among the most commonly used vocabulary sequences, several groups can be distinguished:

  • Proper nouns: “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”.
  • Popular words: “forever”, “love”, “google”, “hacker”, “gamer”.
  • Standard passwords: “password”, “qwerty12345”, “admin”, “12345”, “team”.

The analysis showed that only 19% of passwords show the signs of a strong, difficult-to-crack combination: no dictionary word, a mix of lowercase and uppercase letters, numbers and symbols. At the same time, the study found that 39% of even these passwords can be guessed in less than an hour using intelligent algorithms.

Perhaps the most worrying point is that attackers need neither extensive knowledge nor expensive equipment to crack passwords. A standard, high-performance laptop processor can find the correct combination for a password of 8 lowercase letters or digits by brute force in just 7 minutes. Recent graphics cards can complete the same task in 17 seconds. Additionally, intelligent password guessing algorithms easily see through character replacements such as “e” with “3”, “1” with “!” or “a” with “@”, as well as popular sequences such as “qwerty”, “12345” and “asdfg”.

“Unconsciously, humans create ‘human’ passwords, containing dictionary words in their native language, names, numbers, etc., all of which are easy for our already well-trained brains to remember. Even seemingly strong combinations are rarely completely random and can therefore be guessed by algorithms. In these conditions, the most reliable solution is to generate completely random passwords using password managers. These applications can securely store large volumes of data, thus providing complete and strong protection of user data,” comments Yuliya Novikova, Head of Kaspersky’s Digital Footprint Intelligence Team.

More information about the study is available on SecureList and on the Kaspersky blog.

About the study

The study was conducted on the basis of 193 million passwords found on various public resources of the Dark Web. As part of their investigation, Kaspersky researchers used the following algorithms to guess passwords:

  • Bruteforce – Brute force is a method of guessing a password that involves systematically trying all possible combinations of characters until the correct one is found.
  • Zxcvbn – An advanced scoring algorithm available on GitHub. For a given password, the algorithm first determines its pattern (the words, sequences and other elements it is made of). It then counts the number of search iterations needed for each element of the pattern: if the password contains a dictionary word, for example, searching for it takes a number of iterations equal to the size of the dictionary. Given the search cost of each element of the pattern, the strength of the password can be calculated.
  • Smart guessing algorithm – A learning algorithm. Trained on the whole set of users’ passwords, it computes the frequency of different character combinations, then generates candidates from the most frequent variants and their combinations down to the least frequent ones.
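To make the two ideas above concrete (a pattern-based estimator in the style of zxcvbn, and the brute-force timings quoted earlier for an 8-character [a-z0-9] password), here is a small added example. It is not Kaspersky's or zxcvbn's code: the ranked word list is a constructed stand-in for the real frequency lists, the two guessing rates are derived from the article's 7-minute and 17-second figures under the assumption of a uniform rate, and the greedy segmentation is a simplification of zxcvbn's minimum-cost search, so it tends to overestimate the guesses a real attacker needs.

```python
"""Toy zxcvbn-style password strength estimate (added example, not Kaspersky's
or zxcvbn's code).

A password is split into dictionary words (after undoing "leet" substitutions)
and left-over brute-force runs; the guesses each token needs are multiplied
together and turned into a crack time at the rates the article quotes.
"""
import math

# Constructed, frequency-ranked mini list (rank 1 = most common). zxcvbn ships
# lists of tens of thousands of entries; this only covers the article's examples.
RANKED_LIST = [
    "password", "qwerty", "12345", "admin", "love", "forever", "google",
    "hacker", "gamer", "ahmed", "nguyen", "kumar", "kevin", "daniel", "team",
    "asdfg",
]
RANK = {word: i + 1 for i, word in enumerate(RANKED_LIST)}

# Substitutions a smart guesser undoes before dictionary matching.
LEET = {"@": "a", "3": "e", "0": "o", "$": "s", "1": "i", "!": "i", "4": "a", "5": "s"}

# Rates derived from the article's figures: 36**8 candidates (8 chars over
# [a-z0-9]) in 7 minutes on a laptop CPU and 17 seconds on a recent GPU.
# Assumes a uniform rate, which real hash types and hardware do not give.
RATE_LAPTOP = 36 ** 8 / (7 * 60)
RATE_GPU = 36 ** 8 / 17


def unleet(text):
    """Map leet characters back to letters ("p@ssw0rd" -> "password")."""
    return "".join(LEET.get(c, c) for c in text)


def charset_size(text):
    """Size of the character classes an attacker must cover for this run."""
    size = 0
    if any(c.islower() for c in text): size += 26
    if any(c.isupper() for c in text): size += 26
    if any(c.isdigit() for c in text): size += 10
    if any(not c.isalnum() for c in text): size += 33  # printable ASCII symbols
    return size


def segment(password):
    """Greedy longest-match split into ("word"|"brute", text, guesses) tokens."""
    tokens, run, i = [], "", 0
    while i < len(password):
        match = None
        for j in range(len(password), i, -1):   # longest chunk first
            chunk = password[i:j]
            plain = unleet(chunk).lower()
            if chunk.lower() in RANK:
                match = (chunk, RANK[chunk.lower()], 0)
            elif plain in RANK:
                match = (chunk, RANK[plain], sum(1 for c in chunk if c in LEET))
            if match:
                break
        if match is None:                        # no list entry starts here
            run += password[i]
            i += 1
            continue
        if run:                                  # flush pending brute-force run
            tokens.append(("brute", run, charset_size(run) ** len(run)))
            run = ""
        chunk, rank, leet_chars = match
        guesses = rank * 2 ** leet_chars         # each substitution ~doubles the search
        if any(c.isupper() for c in chunk):
            guesses *= 2                         # capitalisation tried as one more variant
        tokens.append(("word", chunk, guesses))
        i += len(chunk)
    if run:
        tokens.append(("brute", run, charset_size(run) ** len(run)))
    return tokens


def estimate_guesses(password):
    """Total guesses for one greedy segmentation (product over its tokens)."""
    return math.prod(g for _, _, g in segment(password))


def crack_seconds(guesses, rate):
    return guesses / rate


# The article's reporting buckets.
BUCKETS = [(60, "less than a minute"), (3600, "between 1 minute and 1 hour"),
           (86400, "between 1 hour and 1 day"), (30 * 86400, "between 1 day and 1 month"),
           (365 * 86400, "between 1 month and 1 year")]


def bucket(seconds):
    for limit, label in BUCKETS:
        if seconds < limit:
            return label
    return "more than a year"


if __name__ == "__main__":
    for pw in ["password", "p@ssw0rd", "Kevin2024", "qwerty12345", "Xk7#qLp2"]:
        g = estimate_guesses(pw)
        print(f"{pw:12} guesses={g:<20} laptop: {bucket(crack_seconds(g, RATE_LAPTOP))}; "
              f"gpu: {bucket(crack_seconds(g, RATE_GPU))}")
```

The point the numbers make: "p@ssw0rd" costs four guesses rather than the 95^8 a naive length-and-charset meter would award it, and "Kevin2024" is a name plus a four-digit run, not nine mixed characters. Only the genuinely random sample survives the dictionary pass, and even that one drops from days on a laptop to hours on a GPU under the article's rates.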