Experts say scammers can guess your password within one minute


Kaspersky experts have conducted a large-scale study on the resistance of 193 million English passwords – compromised by infostealers and available on the darknet – to brute force and smart guessing attacks.

The results show that 45% of all analysed passwords (87-million) could be guessed by scammers within a minute, reports Daily Independent.

Just 23% (44-million) of combinations turned out to be resistant enough – cracking them would take more than a year.

Furthermore, Kaspersky experts have revealed which character combinations were most commonly used in passwords.

Kaspersky telemetry indicates more than 32-million attempts to attack users with password stealers in 2023. These numbers show the importance of digital hygiene and timely password policies.

The results of the Kaspersky study demonstrate that the majority of the reviewed passwords were not strong enough and could be easily compromised by using smart guessing algorithms.

Here is the breakdown of how fast it can happen:

45% (87-million) in less than 1 minute;

14% (27-million) – from 1 min to 1 hour;

8% (15-million) – from 1 hour to 1 day;

6% (12-million) – from 1 day to 1 month;

and 4% (8-million) – from 1 month to 1 year.

Experts identified only 23% (44-million) of passwords as resistant – compromising them would take more than one year.

Furthermore, the majority of the examined passwords (57%) contain a word from the dictionary, which significantly reduces the passwords’ strength. Among the most popular vocabulary sequences, several groups can be distinguished:

Names: “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”.

Popular words: “forever”, “love”, “google”, “hacker”, “gamer”.

Standard passwords: “password”, “qwerty12345”, “admin”, “12345”, “team”.

The analysis showed that only 19% of all passwords contain signs of a strong combination – a non-dictionary word, lowercase and uppercase letters as well as numbers and symbols.

At the same time, the study revealed that 39% of such passwords could also be guessed using smart algorithms in less than an hour.

The interesting thing is that attackers do not require deep knowledge or expensive equipment to crack passwords.

For example, a powerful laptop processor will be able to find the correct combination for a password of 8 lowercase letters or digits using brute force in just seven minutes. Modern video cards will cope with the same task in 17 seconds. In addition, smart algorithms for guessing passwords consider character replacements (“e” with “3”, “1” with “!” or “a” with “@”) and popular sequences (“qwerty”, “12345”, “asdfg”).
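The same reasoning can be turned into a password-policy check on the defender's side. The following is an added example, not code from the Kaspersky study or from this article: it flags passwords built from the words, sequences and character replacements listed here, even when they show every surface sign of strength. The function names are hypothetical, and the article's example words stand in for a full dictionary.

```python
import re
import string

# Substitutions and sequences are the ones the article names. The word list is
# only the article's examples; a real check would load a full dictionary (assumption).
SUBSTITUTIONS = {"e": "3", "1": "!", "a": "@"}
WORDS = ("ahmed", "nguyen", "kumar", "kevin", "daniel", "forever", "love",
         "google", "hacker", "gamer", "password", "admin", "team")
SEQUENCES = ("qwerty", "12345", "asdfg")
GROUPS = (string.ascii_lowercase, string.ascii_uppercase,
          string.digits, string.punctuation)


def pattern_for(token):
    """Regex matching the token with any listed substitution applied."""
    parts = []
    for ch in token:
        alt = SUBSTITUTIONS.get(ch)
        parts.append(f"[{re.escape(ch)}{re.escape(alt)}]" if alt else re.escape(ch))
    return re.compile("".join(parts))


PATTERNS = [(kind, tok, pattern_for(tok))
            for kind, toks in (("word", WORDS), ("sequence", SEQUENCES))
            for tok in toks]


def guessable_parts(password):
    """Return (kind, token) pairs found in the password, ignoring case."""
    lowered = password.lower()
    return [(kind, tok) for kind, tok, rx in PATTERNS if rx.search(lowered)]


def looks_strong(password):
    """Surface signs only: lowercase, uppercase, digit and symbol all present."""
    return all(any(c in group for c in password) for group in GROUPS)


def keyspace(password):
    """Size of an exhaustive search over the character classes actually used."""
    size = sum(len(g) for g in GROUPS if any(c in g for c in password))
    return size ** len(password)


def audit(password):
    """Reject when a known word or sequence is present, however strong it looks."""
    parts = guessable_parts(password)
    return {"looks_strong": looks_strong(password), "guessable_parts": parts,
            "reject": bool(parts) or not looks_strong(password)}


# Constructed sample: passes the surface check, still built from guessable parts.
print(audit("H@ck3r!2345"))
```

`keyspace("abcd1234")` gives 36 to the power of 8, the search space behind the seven-minute and 17-second figures quoted above.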

“Unconsciously, human beings create ‘human’ passwords containing the words from a dictionary in their native languages, and featuring names and numbers,” says Yuliya Novikova, head of Digital Footprint Intelligence at Kaspersky.

“Even seemingly strong combinations are rarely completely random so they can be guessed by algorithms. Given that, the most dependable solution is to generate a completely random password using modern and reliable password managers.”
