In a groundbreaking study conducted by Kaspersky, a leading cybersecurity firm, in June 2024, a staggering 45% of 193 million passwords sourced from the Dark Web were cracked within a minute. This alarming revelation underscores the urgent need for stronger password security.

Are we guessing passwords in under a minute? Really?

As you might expect from a cybersecurity report, the findings are pretty concerning. Out of the 193 million passwords analysed, Kaspersky discovered that:

• 45% (87 million) could be cracked in less than one minute.
• 14% (27 million) took between one minute and one hour.
• 8% (15 million) required up to one day.
• 6% (12 million) took up to a month.
• 4% (8 million) needed one month to a year.

These percentages account for approximately 77% of the passwords studied. The remaining 23% (44 million) were classified as “resistant” by Kaspersky, meaning they would take over a year to crack using brute force or smart guessing algorithms.

Don't use the dictionary

Kaspersky's research also revealed that 57% of the passwords contained dictionary words, significantly weakening their strength. Using common words makes your passwords more predictable and more accessible to crack.

Here are some of the most famous sequences found in the study:

• Names: Common names such as “Ahmed,” “Nguyen,” “Kumar,” “Kevin,” and “Daniel.”
• Famous words: words like “forever,” “love,” “google,” “hacker,” and “gamer.”
• Standard passwords: common choices such as “password,” “qwerty12345,” “admin,” and “team.”

Kaspersky noted that only 19% of the passwords had a “strong combination” of non-dictionary words, lowercase and uppercase letters, numbers, and symbols. However, even among these, 39% could be cracked by algorithms in less than one hour.

The barrier to running password-guessing algorithms is relatively low. Kaspersky reported that attackers can handle deep technical knowledge and expensive equipment. A hacker with a powerful laptop processor can guess passwords with eight characters (lowercase letters or digits) in just seven minutes. Moreover, smart-guessing algorithms can handle common substitutions, such as replacing “a” with “@” or “1” with an exclamation mark.

How can we strengthen our passwords?

To fortify your online security, it's crucial to follow the advice of Kaspersky and other cybersecurity experts. By implementing these measures, you can take control of your digital safety.

• Use a password manager: This helps reduce the need to memorise multiple passwords. Consider reading guides on password managers to find the best one for you.
• Unique passwords for each service: Avoid using the same password across multiple accounts to minimise the risk if one gets compromised.
• Passphrases instead of passwords: Create long, unique phrases that are memorable to you but difficult for others to guess.
• Test your password strength: Use secure and verified password checkers to ensure your passwords are robust.
• Avoid personal information: Do not use birthdays, pet names, or family members' names in your passwords.
• Enable two-factor authentication (2FA): This adds an extra security layer, requiring another verification step after entering your password. Use 2FA wherever it is available.

Ready to take control of your digital safety? Start by implementing the tips shared in this article.