Bad news — many of today’s top passwords can be brute force cracked in less than an hour
If you are not using random, computer-generated passwords, or one of the best password generators, chances are your logins can be cracked within an hour, research has warned.
A new report on password strength conducted recently by Kaspersky noted the advancements in computer processing power made cracking passwords significantly easier.
In their experiment, the researchers used a database of 193 million passwords, obtained from the dark web. These were hashed and salted, meaning they still needed to guess them.
Improving the algorithm
The researchers then used an Nvidia RTX 4090 GPU and tried to estimate the time needed to crack the passwords using different algorithms.
The gist of the research is that some eight-character passwords can be cracked as fast as 17 seconds. These passwords were composed of same-case English letters and digits, or 36 combinable characters. Looking at the entire database, it took the researchers less than an hour to crack more than half (59%) of the passwords.
The researchers tried out different algorithms, including the vastly popular brute force attack. This method tries all possible password combinations, and while it’s less effective for longer passwords, and those with diverse character types, it was still able to crack many short and simple passwords easily. Then, they tried to improve on brute force, by having it consider certain character combinations, words, names, dates, and sequences.
With the most efficient algorithm, the researchers guessed 45% of passwords within a minute, 59% within an hour, and 73% within a month. Only a quarter (23%) of passwords would take longer than a year to crack.
To better protect the accounts, Kaspersky recommends users go for random, computer-generated passwords, avoid meaningful words and names in passwords, and check the password strength with the best password managers.
Finally, it recommends users ensure the passwords aren’t included in leaked databases by checking HaveIBeenPwned?, and make sure they’re using unique passwords for different websites.
More from TechRadar Pro
If you are not using random, computer-generated passwords, or one of the best password generators, chances are your logins can be cracked within an hour, research has warned. A new report on password strength conducted recently by Kaspersky noted the advancements in computer processing power made cracking passwords significantly easier. …
