A comprehensive study by Kaspersky has highlighted a significant vulnerability in online security: nearly half of all analyzed passwords can be cracked by scammers in less than a minute. This finding emerges from an in-depth investigation into the strength of 193 million English-language passwords compromised by info stealers and now available on the darknet.
Kaspersky’s experts conducted the study to understand how resistant these analyzed passwords are to brute force and smart guessing attacks. Their findings are alarming: 45% of the passwords, amounting to approximately 87 million, can be guessed within a minute. In stark contrast, only 23% (around 44 million) exhibit enough resistance to withstand such attacks for more than a year.
The scale of password theft attempts is equally concerning. In 2023 alone, Kaspersky’s telemetry data recorded over 32 million attacks aimed at stealing user passwords. This surge in attacks underscores the critical need for robust digital hygiene and timely implementation of effective password policies.
Kaspersky’s study provides a detailed look at the composition of the compromised passwords, revealing that a significant number are inherently weak. About 57% of the passwords contain dictionary words, significantly diminishing their strength. Commonly used names like “ahmed,” “nguyen,” “kumar,” “kevin,” and “daniel” are frequently seen, along with popular words such as “forever,” “love,” “google,” “hacker,” and “gamer.” Additionally, standard passwords like “password,” “qwerty12345,” “admin,” “12345,” and “team” are prevalent, making them easy targets for attackers using smart guessing algorithms.
The analysis also uncovered that only 19% of the passwords feature strong combinations, including non-dictionary words, a mix of lowercase and uppercase letters, numbers, and symbols. Yet, even these seemingly strong passwords are not foolproof; 39% of them can still be guessed within an hour using advanced algorithms.
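As an added illustration (not Kaspersky's tooling or the study's method), the check below classifies a password along the criteria the study uses: whether it contains a listed common word, with or without the character substitutions a smart-guessing attack undoes, and whether it mixes all four character classes. The word list, substitution map and guessing rate are assumed placeholders, and the brute-force figure is a naive worst-case bound.

```python
"""Password policy check modelled on the weaknesses the study describes.
Added illustration, not Kaspersky's code: the word list, substitution map and
guess rate are constructed assumptions, not figures from the study."""
import string

# Constructed sample of the names, words and default passwords quoted in the
# study; a real policy check would use a full wordlist.
COMMON_WORDS = {
    "ahmed", "nguyen", "kumar", "kevin", "daniel",
    "forever", "love", "google", "hacker", "gamer",
    "password", "qwerty12345", "admin", "12345", "team",
}
# Assumed substitutions that a smart-guessing attack undoes before matching words.
LEET = str.maketrans({"$": "s", "5": "s", "0": "o", "1": "i", "3": "e",
                      "4": "a", "@": "a", "7": "t", "!": "i"})
# Assumed offline guessing rate (hypothetical), used only for the brute-force bound.
GUESSES_PER_SECOND = 1e10
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10,
               "symbol": len(string.punctuation)}

def char_classes(pw):
    """Character classes present, the study's 'mix' criterion."""
    present = set()
    for c in pw:
        if c.islower(): present.add("lower")
        elif c.isupper(): present.add("upper")
        elif c.isdigit(): present.add("digit")
        elif c in string.punctuation: present.add("symbol")
    return present

def derived_from_word(pw):
    """True if a listed word appears, directly or after undoing substitutions."""
    plain = pw.lower()
    normalised = plain.translate(LEET)
    return any(w in plain or w in normalised for w in COMMON_WORDS)

def brute_force_seconds(pw):
    """Worst-case time to enumerate the space spanned by the classes present."""
    space = sum(CLASS_SIZES[c] for c in char_classes(pw)) or 1
    return space ** len(pw) / GUESSES_PER_SECOND

def assess(pw):
    """Map a password onto the study's categories."""
    classes, wordy, seconds = char_classes(pw), derived_from_word(pw), brute_force_seconds(pw)
    return {
        "dictionary_derived": wordy,
        "strong_combination": not wordy and len(classes) == 4,
        # a word-based password falls to smart guessing regardless of its length
        "under_a_minute": wordy or seconds < 60,
        "over_a_year": not wordy and seconds > 365 * 24 * 3600,
    }
```

Note that `Pa$5w0rd` passes the four-class test yet is flagged as dictionary-derived once the substitutions are undone, which is the kind of "seemingly strong" password the study says still falls within an hour.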
“Humans often create ‘human’ passwords, incorporating dictionary words in their native languages, names, and numbers. Even passwords that appear strong are seldom entirely random, making them vulnerable to algorithmic guessing,” explained Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky. “The most reliable approach is to use modern password managers to generate completely random passwords. Tools like Kaspersky Password Manager can securely store large volumes of data and provide robust protection for user information.”
To bolster password security, experts recommend several practices:
- Unique Passwords for Each Service: Use different passwords for different services to prevent a breach of one account from compromising others.
- Avoid Predictable Information: Refrain from using easily guessable information, such as birthdays or names of family members and pets, as part of your passwords.
- Utilize Password Managers: Given the difficulty of memorizing numerous long and unique passwords, password managers like Kaspersky Password Manager can help by storing all passwords securely, allowing users to remember just one master password.
- Enable Two-Factor Authentication (2FA): Adding an extra layer of security with 2FA makes it harder for attackers to gain access, even if they have the password.
- Employ Comprehensive Security Solutions: Tools like Kaspersky Premium monitor the internet and dark web for exposed passwords and alert users when changes are needed.
For further details and guidance, the full research findings are available on Securelist and the Kaspersky Daily blog.
As the digital landscape continues to evolve, the findings from Kaspersky’s study serve as a critical reminder of the importance of strong, well-protected passwords and vigilant cybersecurity practices.