Sunday, June 30, 2024

Scammers Can Crack Nearly Half of Passwords in Under a Minute

Weak passwords are easy pickings for hackers! Kaspersky’s study reveals that 45% of passwords can be cracked in under a minute. Learn how to create strong passwords and improve your online security.

In June 2024, Kaspersky experts conducted a large-scale study on the resistance of 193M English passwords, compromised by info stealers and available on the darknet, to brute force and smart guessing attacks. According to the research results, 45% of all analyzed passwords (87M) could be guessed by scammers within a minute. Only 23% (44M) of combinations were resistant enough – cracking them would take more than a year. Besides, Kaspersky experts have revealed which character combinations were most commonly used in passwords.

Kaspersky telemetry indicates that in 2023, more than 32 million attempts were made to attack users with password stealers. These numbers show the importance of digital hygiene and timely password policies.

The results of the Kaspersky study demonstrate that most of the reviewed passwords were not strong enough and could be easily compromised using smart guessing algorithms. Here is the breakdown of how fast it can happen: 

  • 45% (87M) – in less than 1 minute.
  • 14% (27M) – from 1 min to 1 hour.
  • 8% (15M) – from 1 hour to 1 day.
  • 6% (12M) – from 1 day to 1 month. 
  • 4% (8M) – from 1 month to 1 year.

Experts identified only 23% (44M) of passwords as resistant – compromising them would take more than one year.

Besides, most of the examined passwords (57%) contain a word from the dictionary, significantly reducing the passwords’ strength. Among the most popular vocabulary sequences, several groups can be distinguished:

  • Names: “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”.
  • Popular words: “forever”, “love”, “google”, “hacker”, “gamer”.
  • Standard passwords: “password”, “qwerty12345”, “admin”, “12345”, “team”.

The analysis showed that only 19% of all passwords contain signs of a strong combination—a non-dictionary word, lowercase and uppercase letters, numbers, and symbols. At the same time, the study revealed that 39% of such passwords could also be guessed using smart algorithms in less than an hour.  

The interesting thing is that attackers do not require deep knowledge or expensive equipment to crack passwords. For example, a powerful laptop processor can find the correct combination for a password of 8 lowercase letters or digits using brute force in just 7 minutes. Modern video cards will cope with the same task in 17 seconds. In addition, smart algorithms for guessing passwords consider character replacements (“e” with “3”, “1” with “!” or “a” with “@”) and popular sequences (“qwerty”, “12345”, “asdfg”).
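The two checks described above can be combined into a small defender-side password audit. This is an added example, not code from Kaspersky's study: the guess rates are an assumption back-calculated from the 7-minute and 17-second figures, the word list holds only the words and sequences quoted in this article, and all function names are illustrative.

```python
import string

# Words and sequences quoted in the article; a real audit would load a far larger list.
COMMON = ["ahmed", "nguyen", "kumar", "kevin", "daniel", "forever", "love", "google",
          "hacker", "gamer", "password", "admin", "team", "qwerty", "12345", "asdfg"]
# Undo the replacements the article names: "3" for "e", "!" for "1", "@" for "a".
UNDO = str.maketrans({"3": "e", "!": "1", "@": "a"})
# Assumption: guess rates back-calculated from the article's figures for
# 8 characters drawn from lowercase letters and digits (36**8 candidates).
CPU_RATE = 36**8 / (7 * 60)   # laptop CPU: 7 minutes
GPU_RATE = 36**8 / 17         # modern video card: 17 seconds
YEAR = 365 * 24 * 3600        # the study's "resistant" threshold


def dictionary_hits(password):
    """Return known words found in the password, with and without substitutions."""
    raw = password.lower()
    normalized = raw.translate(UNDO)
    return sorted(w for w in COMMON if w in raw or w in normalized)


def keyspace(password):
    """Size of the search space implied by the character classes actually used."""
    alphabet = 0
    alphabet += 26 if any(c.islower() for c in password) else 0
    alphabet += 26 if any(c.isupper() for c in password) else 0
    alphabet += 10 if any(c.isdigit() for c in password) else 0
    alphabet += len(string.punctuation) if any(c in string.punctuation for c in password) else 0
    return alphabet ** len(password)


def brute_force_seconds(password, rate=GPU_RATE):
    """Worst-case exhaustive search time; dictionary hits fall far sooner than this."""
    return keyspace(password) / rate


def audit(password):
    """Flag a password that contains a known word or falls to brute force within a year."""
    hits = dictionary_hits(password)
    seconds = brute_force_seconds(password)
    return {"dictionary_hits": hits, "gpu_seconds": seconds,
            "weak": bool(hits) or seconds < YEAR}


if __name__ == "__main__":
    # Constructed sample passwords, not taken from the study's data set.
    for pw in ["P@ssword!", "K3vin2024", "abcd1234", "vT9#qLm2$Rw8xZp!"]:
        print(pw, audit(pw))
```

The brute-force figure is an upper bound: a password with a dictionary hit should be treated as weak regardless of its length or character mix.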

“Unconsciously, human beings create ‘human’ passwords – containing the words from the dictionary in their native languages, featuring names and numbers. Even seemingly strong combinations are rarely completely random, so algorithms can guess them. Given that, the most dependable solution is to generate a completely random password using modern and reliable password managers. Such apps as Kaspersky Password Manager can securely store large volumes of data, providing comprehensive and robust protection for user information,” commented Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky.

To strengthen passwords, users can follow simple tips: 

  • Use a different password for each service. That way, even if one of your accounts is stolen, the rest won’t go with it.
  • Passphrases might be more secure when unexpected words are used. Even if you are resorting to common words, you can arrange them in an unusual order and make sure they are unrelated. 
  • It’s better not to use passwords that can be easily guessed from your personal information, such as birthdays, names of family members, pets, or your name. These are often the first guesses an attacker will try.
  • It’s nearly impossible to memorize long and unique passwords for all the services you use. Still, with a special solution, such as Kaspersky Password Manager, you can memorize just one master password.
  • Enable two-factor authentication (2FA). While not directly related to password strength, enabling 2FA adds an extra layer of security. If someone discovers your password, they still need a second form of verification to access your account. Modern password managers store 2FA keys and secure them with the latest encryption algorithms.
  • Using a reliable security solution such as Kaspersky Premium will enhance your protection. It monitors the internet and the Dark Web and warns if your passwords need to be changed. 

Additional information can be found in the research material on Securelist and in the Kaspersky Daily post.