It only takes a minute to crack a password (Kaspersky)


A study by Kaspersky experts reveals that almost half of passwords can be guessed by cybercriminals in less than a minute. The findings of the report are instructive: it sifts through 193 million passwords made available on the Dark Web, hacked by infostealers, brute force, or intelligent algorithms.

According to the results of the research conducted by Kaspersky experts, 45% of the analyzed passwords (87 million) can be guessed by cybercriminals within a minute. The researchers also identified the most frequently used character combinations when creating passwords. Only 23% of the combinations (44 million) turned out to be strong enough to foil the fraudsters’ attempts: cracking them would take more than a year.

Kaspersky telemetry data reveals that more than 32 million password stealer attack attempts targeted individuals in 2023, numbers that underscore the critical importance of good digital hygiene and having a proactive password strategy in place.

As of June 2024, Kaspersky analyzed 193 million passwords found in the public domain on various Dark Web resources. The results indicate that the majority of passwords examined are not strong enough and can be easily compromised using intelligent algorithms.

The speed of password compromise is broken down as follows:

  • 45% (87 million) in less than a minute.
  • 14% (27 million) between 1 minute and 1 hour.
  • 8% (15 million) between 1 hour and 1 day.
  • 6% (12 million) between 1 day and 1 month.
  • 4% (8 million) between 1 month and 1 year.

Experts identified only 23% (44 million) of passwords as resistant, meaning they would take more than a year to compromise.

The majority of passwords examined (57%) contain a dictionary word, which significantly reduces the strength of a password. Among the most commonly used vocabulary sequences, several groups can be distinguished:

  • Proper nouns: “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”.
  • Popular words: “forever”, “love”, “google”, “hacker”, “gamer”.
  • Standard passwords: “password”, “qwerty12345”, “admin”, “12345”, “team”.

The analysis showed that only 19% of passwords show the signs of a strong, difficult-to-crack combination: no words from the standard dictionary, lowercase and uppercase letters, as well as numbers and symbols. At the same time, the study found that 39% of these passwords can be guessed in less than an hour using intelligent algorithms.

Perhaps the most worrying point is that attackers do not need extensive knowledge or expensive equipment to crack passwords. A standard, high-performance laptop processor can find the correct combination for a password of 8 lowercase letters or numbers using brute force in just 7 minutes. Recent graphics cards can even complete the task in 17 seconds. Additionally, intelligent password guessing algorithms easily see through character replacements such as “e” with “3”, “1” with “!” or “a” with “@”, as well as popular sequences such as “qwerty”, “12345”, “asdfg”.
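As an added illustration (not Kaspersky's code or methodology), here is a sign-up screening check built on the patterns listed in this article: it undoes the three substitutions named above, looks for the quoted words and sequences, and measures the brute-force search space. The token list, the `MIN_BITS` threshold and all function names are assumptions.

```python
import math

# Substitutions named in the article, inverted (typed character -> plain character).
UNDO = str.maketrans({"3": "e", "!": "1", "@": "a"})

# Constructed from the article's own examples; a real deployment would load a
# full dictionary and a breached-password list here instead.
WEAK_TOKENS = ["ahmed", "nguyen", "kumar", "kevin", "daniel",
               "forever", "love", "google", "hacker", "gamer",
               "password", "admin", "team", "qwerty", "12345", "asdfg"]

MIN_BITS = 70  # assumed policy threshold, not a figure from the article


def canonical(text):
    """Lowercase and undo substitutions so 'H@ck3r' and 'hacker' compare equal."""
    return text.lower().translate(UNDO)


def weak_patterns(password):
    """Return the listed words/sequences hidden in the password."""
    folded = canonical(password)
    # Tokens are canonicalised too, so '12345' still matches after '3' -> 'e'.
    return [t for t in WEAK_TOKENS if canonical(t) in folded]


def search_space_bits(password):
    """log2 of the brute-force search space implied by the character classes used."""
    size = 0
    size += 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += 32 if any(not c.isalnum() for c in password) else 0
    return len(password) * math.log2(size) if size else 0.0


def screen(password):
    """Reject passwords with a weak pattern or too small a search space."""
    hits = weak_patterns(password)
    bits = search_space_bits(password)
    return {"hits": hits, "bits": round(bits, 1),
            "accept": not hits and bits >= MIN_BITS}


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ["abcd1234", "H@ck3r!2024", "Qwerty!2345", "vT9#qLz2&Xw7Rb"]:
        print(sample, screen(sample))
```

The second sample uses all four character classes and clears the search-space threshold, yet is still rejected because the substituted dictionary word is recovered.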

“Humans unconsciously create ‘human’ passwords, containing dictionary words in their native language, names, numbers, etc., all of which are easy for our already overworked brains to remember. Even seemingly strong combinations are rarely completely random and can therefore be guessed by algorithms. In these conditions, the most reliable solution is to generate completely random passwords using password managers. These applications can securely store large volumes of data, thus providing complete and strong protection of user data,” comments Yuliya Novikova, head of the Digital Footprint Intelligence team at Kaspersky.

Africainfos
