45 per cent of passwords can be hacked inside one minute, according to new research by Kaspersky.
The cyber security company analysed 193 million passwords, according to a report in Digitnews online.
The majority of the passwords reviewed were not nearly strong enough and could be easily compromised by using smart guessing algorithms. Here is the breakdown of how fast it can happen:
- 45% (87 million) in less than 1 minute.
- 14% (27 million) – from 1 min to 1 hour.
- 8% (15 million) – from 1 hour to 1 day.
- 6% (12 million) – from 1 day to 1 month.
- 4% (8 million) – from 1 month to 1 year.
Just 23% (44M) of passwords as persistent – compromising them would take more than 1 year.
The majority of the examined passwords (57%) contain a word from the dictionary, which experts agree significantly reduces a passwords’ strength.
These included familiar first names, popular words, and more obvious password phrases, such as ‘qwerty12345, ‘admin’, or ‘team’.
The advice is to use made up, non-standard ‘words’, lowercase and uppercase letters, as well as numbers and symbols.
The study revealed that 76% of such passwords are strong.
Digitnews said: “Perhaps the most concerning thing is that attackers do not require deep knowledge or expensive equipment to crack passwords.
“A standard powerful laptop processor will be able to find the correct combination for password of 8 lowercase letters or digits using brute force in just seven minutes and modern video cards will cope with the same task in 17 seconds.
“In addition, smart algorithms for guessing passwords easily decipher character replacements such as “e” with “3”, “1” with “!” or “a” with “@” as well as popular sequences like “qwerty”, “12345”, “asdfg”.
“Unconsciously, human beings create “human” passwords – containing the words from dictionary in their native languages, featuring names, numbers – things that are easy for our busy brains to recall easily. Even seemingly strong combinations are rarely completely random, so they can be guessed by algorithms.”
In order to strengthen your password policy, users can use following simple tips:
Do not o use passwords that can be easily guessed from your personal information, such as birthdays, names of family members, pets, or your own name. These are often the first guesses an attacker will make.
Enable two-factor authentication. While not directly related to password strength, enabling 2FA adds an extra layer of security. Even if someone discovers your password, they would still need a second form of verification to access your account. Modern password managers store 2FA keys and secure them with the latest encryption algorithms.