In June 2024, cybersecurity experts at Kaspersky conducted an extensive study analyzing the resilience of 193 million compromised English passwords, which were readily available on the darknet. The findings are sobering: 45% of these passwords (87 million) could be cracked by cybercriminals in less than a minute. Only 23% (44 million) exhibited enough resistance to withstand brute force attacks for more than a year.
The research highlights the critical importance of robust digital hygiene and timely updates to password policies. Kaspersky’s telemetry from 2023 showed over 32 million attempts to attack users with password stealers, underscoring the urgent need for stronger security measures.
Vulnerability Breakdown
Kaspersky’s analysis provides a detailed breakdown of the time it takes to crack the compromised passwords:
- 45% (87M): Less than 1 minute
- 14% (27M): 1 minute to 1 hour
- 8% (15M): 1 hour to 1 day
- 6% (12M): 1 day to 1 month
- 4% (8M): 1 month to 1 year
A mere 23% of passwords were deemed strong enough to resist cracking attempts for more than a year.
Common Password Patterns
The study revealed that 57% of the passwords contained dictionary words, significantly reducing their strength. Common patterns included:
- Names: “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”
- Popular words: “forever”, “love”, “google”, “hacker”, “gamer”
- Standard passwords: “password”, “qwerty12345”, “admin”, “12345”, “team”
Only 19% of passwords exhibited strong characteristics, such as a mix of lowercase and uppercase letters, numbers, and symbols. However, 39% of these so-called strong passwords could still be guessed by smart algorithms within an hour.
The Ease of Password Cracking
Cracking passwords does not require advanced knowledge or expensive equipment. A powerful laptop can brute-force an 8-character lowercase password in just 7 minutes, while a modern video card can accomplish the same task in 17 seconds. Smart algorithms further expedite this process by considering character replacements (e.g., “e” with “3”, “1” with “!”, or “a” with “@”) and popular sequences (e.g., “qwerty”, “12345”, “asdfg”).
“Unconsciously, human beings create ‘human’ passwords containing dictionary words, names, and numbers. Even seemingly strong combinations are rarely completely random, making them susceptible to algorithmic guessing. The most dependable solution is to generate random passwords using reliable password managers,” explained Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky.
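The character replacements and popular sequences described above can be screened for at the moment a user chooses a new password. The following is an added example, not code from Kaspersky or the study: the token list holds only the words and sequences quoted in this article, and the 12-character minimum and the sample passwords are assumptions constructed for illustration.

```python
"""Flag new passwords built from the patterns the article lists."""
import itertools
import string

# Words and sequences quoted in the article. A production check would load a
# full breached-password list instead (assumption).
BASE_TOKENS = ["ahmed", "nguyen", "kumar", "kevin", "daniel", "forever",
               "love", "google", "hacker", "gamer", "password", "admin",
               "team", "qwerty", "12345", "asdfg"]

# Replacements named in the article: "e"->"3", "1"->"!", "a"->"@".
SUBSTITUTIONS = {"e": "3", "1": "!", "a": "@"}


def variants(token: str) -> set[str]:
    """Every spelling of token with any subset of the substitutions applied."""
    pools = [(c, SUBSTITUTIONS[c]) if c in SUBSTITUTIONS else (c,) for c in token]
    return {"".join(chars) for chars in itertools.product(*pools)}


def mixes_classes(password: str) -> bool:
    """The article's 'strong characteristics': lower, upper, digit and symbol."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    return all(any(c in cls for c in password) for cls in classes)


def guessable_tokens(password: str) -> list[str]:
    """Base tokens found in the password, plain or with substitutions applied."""
    lowered = password.lower()
    return [t for t in BASE_TOKENS if any(v in lowered for v in variants(t))]


def acceptable(password: str, min_length: int = 12) -> bool:
    """Policy decision; min_length is an assumed threshold, not from the article."""
    return len(password) >= min_length and not guessable_tokens(password)


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the study's data set.
    for candidate in ("H@ck3r!2345", "Forever+Kevin99", "vK7#qTz9$LmW2x"):
        print(candidate, mixes_classes(candidate), guessable_tokens(candidate))
```

All three samples mix the four character classes, yet only the last one passes, which mirrors the study's finding that mixed-class passwords are not automatically strong.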
Tips for Stronger Passwords
To enhance password security, users can follow these simple guidelines:
- Use unique passwords for each service: This prevents a domino effect if one account is compromised.
- Create unexpected passphrases: Use unrelated words in unusual orders to increase complexity.
- Avoid easily guessable information: Steer clear of using birthdays, family names, or pet names.
- Utilize password managers: Tools like Kaspersky Password Manager securely store and generate strong passwords.
- Enable two-factor authentication (2FA): Adds an extra security layer by requiring a second form of verification.
- Deploy comprehensive security solutions: Products like Kaspersky Premium monitor the web for compromised credentials and recommend changes when necessary.
The Kaspersky study starkly illustrates the vulnerability of common password practices and the need for heightened security measures. By adopting stronger passwords, utilizing password managers, and enabling two-factor authentication, users can significantly enhance their online security.