An analysis conducted by Kaspersky in June 2024 found that 45% of 193 million English passwords, previously compromised by information-stealing malware and circulating on the darknet, remain susceptible to rapid attacks. Nearly half of these passwords could be cracked by cybercriminals within a minute, which underscores the importance of robust password hygiene.
The Kaspersky study finds that only 23%, or 44 million passwords, are considered strong enough to withstand attacks for more than a year. This minority holds up against the brute-force and intelligent guessing techniques that make up the cybercriminals’ arsenal.
Here’s how quickly passwords can be cracked, per the study:
- A concerning 45% (87M) in less than 1 minute.
- Some 14% (27M) could fall within 1 minute to 1 hour.
- A fraction of 8% (15M) could succumb between 1 hour and 1 day.
- A smaller 6% (12M) is vulnerable from 1 day to a month.
- Just 4% (8M) may resist for 1 month to 1 year.
The research also points to the common pitfalls in password creation. An overwhelming majority of passwords (57%) incorporate dictionary words, drastically reducing their complexity and security. The list of commonly used sequences and themes includes names like “ahmed” and “daniel”, common words such as “love” and “google”, and habitual password selections including “password” and “admin”.
Of particular concern is that even among passwords deemed strong because they feature non-dictionary terms, various character types, and symbols, 39% can still be cracked in less than an hour using advanced algorithms.
The study further notes that the tools required for such attacks are neither complex nor expensive. A high-end laptop CPU can crack an 8-character password composed of lowercase letters or numbers in 7 minutes, while modern GPUs take as little as 17 seconds. Password-guessing algorithms have evolved to anticipate character substitutions and common sequences, rendering seemingly intricate passwords vulnerable.
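To show why substitutions add little strength, here is an added audit-style estimator; it is not Kaspersky's code or methodology. The guess rate is derived from the article's 17-second GPU figure, while the substitution table, the `DICT_VARIANTS` size and the sample passwords are assumptions constructed for this example.

```python
# Added example: rough crack-time estimate for a password audit.
GPU_RATE = 36 ** 8 / 17  # guesses/s implied by the article: 36^8 candidates in 17 s

# Words the article names as common in leaked passwords.
COMMON_WORDS = ("password", "google", "daniel", "ahmed", "admin", "love")
# Assumed substitution table (constructed): @,4->a  3->e  0->o  1,!->i  $,5->s  +,7->t
LEET = str.maketrans("@4301!$5+7", "aaeoiisstt")
# Assumption: a guesser covers each word plus its mangled variants in ~1e6 tries.
DICT_VARIANTS = 10 ** 6

# Time buckets used in the article's breakdown (month taken as 30 days).
BUCKETS = [(60, "< 1 minute"), (3600, "1 minute to 1 hour"),
           (86400, "1 hour to 1 day"), (30 * 86400, "1 day to 1 month"),
           (365 * 86400, "1 month to 1 year")]

def charset_size(pw):
    """Size of the printable-ASCII alphabet the password draws from."""
    size = 26 * any(c.islower() for c in pw)
    size += 26 * any(c.isupper() for c in pw)
    size += 10 * any(c.isdigit() for c in pw)
    size += 33 * any(not c.isalnum() for c in pw)
    return size

def find_word(pw):
    """Return the common word hidden in pw after undoing substitutions, if any."""
    normalized = pw.lower().translate(LEET)
    return next((w for w in COMMON_WORDS if w in normalized), None)

def crack_seconds(pw, rate=GPU_RATE):
    """Worst-case seconds to exhaust the candidates a guesser must try."""
    word = find_word(pw)
    if word:  # word costs DICT_VARIANTS tries; only the rest is searched blindly
        keyspace = DICT_VARIANTS * charset_size(pw) ** (len(pw) - len(word))
    else:
        keyspace = charset_size(pw) ** len(pw)
    return keyspace / rate

def bucket(seconds):
    """Map a duration onto the article's time ranges."""
    return next((label for limit, label in BUCKETS if seconds < limit), "> 1 year")

if __name__ == "__main__":
    for pw in ("kq7vx2mh", "P@ssw0rd2024!", "vT9#qLz2!mXw8@Rb"):  # constructed samples
        print(f"{pw!r}: word={find_word(pw)}, {bucket(crack_seconds(pw))}")
```

The 13-character sample built on "password" lands in a far weaker range than its length and character mix suggest, while the random 16-character string stays beyond a year.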
Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky, warns of the “human” nature of password creation, in which people draw from familiar language and patterns. To counteract this vulnerability, Novikova advises employing reliable password managers that can generate and store random combinations, offering a stauncher defense against cyberintrusions.
Strengthening password security is not complex with the right practices:
- Diversify your passwords across different platforms to prevent a single breach from compromising multiple accounts.
- Create passphrases from unexpected arrangements of words unrelated to one another for enhanced security.
- Avoid personal information that attackers could readily predict, such as birthdays, and even the usernames of family members or pets.
Kaspersky’s recent study is a stark reminder of the continuous need for vigilance in digital password security, a fundamental component of our defense against a growing spectrum of cyberthreats.