A study by Kaspersky experts found that 45 per cent of 193 million compromised English passwords analyzed could be cracked by scammers within one minute, while only 23 per cent would take over a year to crack.
The study released Thursday, which analysed passwords available on the darknet, highlighted the need for improved digital hygiene and timely password policies.
Kaspersky’s telemetry data showed over 32 million attempts to attack users with password stealers in 2023.
The findings underscore the importance of robust password management, as the majority of reviewed passwords were easily compromised using smart guessing algorithms.
“The majority of the examined passwords (57 per cent) contain a word from the dictionary, which significantly reduces the passwords’ strength. Among the most popular vocabulary sequences, several groups can be distinguished:
“Names: ‘ahmed’, ‘nguyen’, ‘kumar’, ‘kevin’, ‘daniel’. Popular words: ‘forever’, ‘love’, ‘google’, ‘hacker’, ‘gamer’. Standard passwords: ‘password’, ‘qwerty12345’, ‘admin’, ‘12345’, ‘team’,” the report highlighted.
The analysis showed that only 19 per cent of all passwords contain signs of a strong combination—a non-dictionary word, lowercase and uppercase letters, as well as numbers and symbols.
At the same time, the study revealed that 39 per cent of such passwords could also be guessed using smart algorithms in less than an hour.
According to the report, attackers do not require deep knowledge or expensive equipment to crack passwords.
“For example, a powerful laptop processor will be able to find the correct combination for a password of 8 lowercase letters or digits using brute force in just 7 minutes.
“Modern video cards will cope with the same task in 17 seconds. In addition, smart algorithms for guessing passwords consider character replacements (‘e’ with ‘3’, ‘1’ with ‘!’ or ‘a’ with ‘@’) and popular sequences (‘qwerty’, ‘12345’, ‘asdfg’).”
The Head of Digital Footprint Intelligence at Kaspersky, Yuliya Novikova, said that human beings unconsciously create ‘human’ passwords, containing words from a dictionary in their native languages and featuring names and numbers.
According to Novikova, even seemingly strong combinations are rarely completely random, so they can be guessed by algorithms.
“Given that, the most dependable solution is to generate a completely random password using modern and reliable password managers. Such apps as Kaspersky Password Manager can securely store large volumes of data, providing comprehensive and robust protection for user information,” commented Novikova.
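A password-policy check built on the report's figures, as an added example that is not code from Kaspersky or from the article: it rejects candidates that contain a quoted dictionary word or sequence once the named character replacements are undone, and estimates exhaustive-search time from the quoted video-card figure. The word list, function names, the symbol count of 33 and the one-hour threshold are assumptions made for illustration.

```python
# Added example: sample data below is built from the words and sequences quoted in the article.
WORDS = {"ahmed", "nguyen", "kumar", "kevin", "daniel", "forever", "love",
         "google", "hacker", "gamer", "password", "admin", "team"}
SEQUENCES = ("qwerty", "12345", "asdfg")
# Undo the replacements the report names: "e" with "3", "1" with "!", "a" with "@".
UNSUBSTITUTE = str.maketrans({"3": "e", "!": "1", "@": "a"})
# Guess rate implied by the report's video-card figure: 36^8 candidates in 17 seconds.
GPU_GUESSES_PER_SECOND = 36 ** 8 / 17


def charset_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(not c.isalnum() for c in password):
        size += 33  # assumption: printable ASCII symbols, space included
    return size


def brute_force_seconds(password, rate=GPU_GUESSES_PER_SECOND):
    """Worst-case time to enumerate every string of this length and alphabet."""
    return charset_size(password) ** len(password) / rate


def audit(password, max_seconds=3600):
    """Return the reasons a password should be rejected (empty list = none found)."""
    lowered = password.lower()
    # Check the raw form and the de-substituted form: undoing "3" -> "e" would
    # otherwise hide digit runs such as "12345".
    forms = {lowered, lowered.translate(UNSUBSTITUTE)}
    findings = set()
    for form in forms:
        findings.update(f"word:{w}" for w in WORDS if w in form)
        findings.update(f"sequence:{s}" for s in SEQUENCES if s in form)
    if brute_force_seconds(password) < max_seconds:  # assumed threshold: one hour
        findings.add("brute-force:under-threshold")
    return sorted(findings)


if __name__ == "__main__":
    for candidate in ("H@ck3r2024!", "qwerty12345", "abcd1234", "vT9#qLx2&Zr7mK"):
        print(candidate, audit(candidate))
```

Substring matching is deliberately conservative, so a short entry such as "team" also flags passwords that merely contain it.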