Hours or minutes. This is the time frame in which a cybercriminal can figure out the password protecting one of your personal accounts. Much of this average is due to the weakness of user passwords, more than to the ability of attackers to carry out the entire process.
A study conducted by Kaspersky in June 2024 revealed that current passwords are not strong enough and can be cracked within minutes. This report, which analyzed 193 million compromised passwords available on the dark web, demonstrates the importance of knowing how to use this type of security system and of creating complex passwords that really protect our personal information.
To determine the average cracking time, the study used several attack techniques to evaluate the strength of passwords, including brute force attacks, zxcvbn (a tool for evaluating key security), and intelligent guessing algorithms. The results were as follows:
- 45% of analyzed passwords could be guessed in less than a minute.
- An additional 14% can be cracked in anywhere from a minute to an hour.
- 8% take from an hour to a day to crack.
- 6% can be cracked within 1-30 days.
- An estimated 4% take from one month to one year.
These data indicate that a total of 59% of passwords can be cracked in less than an hour. Only 23% of the passwords analyzed are considered resistant, meaning they could take more than a year to crack.
The study also analyzed the composition of passwords, and revealed that most of them contain elements that make them more susceptible to guessing. For example:
- 57% of passwords contain a dictionary word, which significantly reduces their security.
- Common names such as “ahmed”, “nguyen”, “kumar”, “kevin”, and “daniel” are used frequently.
- Popular words like “forever”, “love”, “google”, “hacker”, and “gamer” appear often.
- Standard passwords such as “password”, “qwerty12345”, “admin”, “12345”, and “team” also appear frequently.
Although some passwords contain a mix of lowercase and uppercase letters, numbers, and symbols, only 19% of them contain all the basic elements of a password that is considered strong. However, even among these, 39% can be guessed in less than an hour using intelligent algorithms that take into account common character substitutions and sequences.
Furthermore, the research also highlights that attackers do not need expensive equipment or deep knowledge to crack passwords. For example, a powerful laptop processor can find the correct combination for a password of 8 lowercase letters or digits using brute force in just seven minutes. Current video cards can do the same thing in just 17 seconds.
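The sketch below is an added example, not code from the Kaspersky study: it derives guess rates from the two brute-force figures above, sorts a password into the study's time buckets, and first rejects any password containing one of the listed words, since exhaustive-search time says nothing about those. The substitution table, function names and sample passwords are constructed assumptions.

```python
import string

# Guess rates implied by the article's figures: the 36**8 keyspace (8 lowercase
# letters or digits) exhausted in 7 minutes on a laptop CPU, 17 seconds on a GPU.
KEYSPACE_8 = 36 ** 8
CPU_RATE = KEYSPACE_8 / (7 * 60)   # about 6.7e9 guesses per second
GPU_RATE = KEYSPACE_8 / 17         # about 1.7e11 guesses per second

# Some of the words the article lists as frequent in compromised passwords.
COMMON = ["nguyen", "kumar", "kevin", "daniel", "forever", "love", "google",
          "hacker", "gamer", "password", "qwerty12345", "admin", "12345", "team"]
# Constructed table of common character substitutions (an assumption).
LEET = str.maketrans("@4031$5!7", "aaoeissit")

# Upper bounds in seconds for the study's time buckets.
BUCKETS = [(60, "less than a minute"), (3600, "a minute to an hour"),
           (86400, "an hour to a day"), (30 * 86400, "1-30 days"),
           (365 * 86400, "one month to one year")]

def charset_size(pw):
    """Size of the alphabet an exhaustive search must cover for this password."""
    classes = [(string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
               (string.digits, 10), (string.punctuation, 32)]
    return sum(n for chars, n in classes if any(c in chars for c in pw))

def brute_force_seconds(pw, rate=GPU_RATE):
    """Worst-case time to try every string of this length over that alphabet."""
    return charset_size(pw) ** len(pw) / rate

def bucket(seconds):
    for limit, label in BUCKETS:
        if seconds < limit:
            return label
    return "more than a year"

def contains_common_word(pw):
    """True if a listed word appears, directly or after undoing substitutions."""
    lowered = pw.lower()
    return any(w in lowered or w in lowered.translate(LEET) for w in COMMON)

def assess(pw, rate=GPU_RATE):
    if contains_common_word(pw):
        return "contains a listed word: brute-force estimate does not apply"
    return bucket(brute_force_seconds(pw, rate))

if __name__ == "__main__":
    for sample in ["abcd1234", "Tr9$kLm2", "P@ssw0rd!2024", "xq7vhm2kp9rt"]:  # constructed
        print(f"{sample:16} {assess(sample)}")
```

The bucket is a worst-case figure for exhaustive search only; a password that passes the word check can still fall to guessing algorithms that know patterns this sketch does not model.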
- Use password managers: It is almost impossible to remember long and unique passwords for all the services we use. A password manager allows you to store large amounts of data securely, requiring only the master key to be memorized.
- Unique passwords for each service: It is essential to use a different password for each service. This way, if one account is hacked, the other accounts remain safe.
- Unexpected words: Even if you use common words, arranging them in an unusual order and making sure they are not related to each other can increase security. Additionally, there are online services that can help you check if your password is strong enough.
- Avoid personal information: Don't use personal information such as birth dates, family members' or pets' names, or your name in passwords. These are often the first things attackers try.
- Two-factor authentication (2FA): Although it's not directly related to password security, enabling two-factor authentication adds an extra layer of security. Even if someone discovers your password, they'll still need a second form of verification to access your account.