Many people use unsafe, easy-to-guess passwords.
In June 2024, Kaspersky cybersecurity experts analyzed 193 million passwords found in public sources on various darknet sites (a network of websites not reachable through search engines).
The results showed that the majority of passwords were rated as weak and insecure, making it easy for attackers to break into accounts using smart guessing algorithms. Here is an analysis of how fast attackers cracked passwords:
- 45% (87 million passwords): less than 1 minute.
- 14% (27 million): from 1 minute to 1 hour.
- 8% (15 million): from 1 hour to 1 day.
- 6% (12 million): from 1 day to 1 month.
- 4% (8 million): from 1 month to 1 year.
Accordingly, experts consider only 23% of passwords (equivalent to 44 million) to be secure, because cracking them takes more than 1 year.
In addition, the majority of passwords (57%) contain a word that can easily be found in a dictionary, which significantly reduces the strength of the password. Kaspersky divides the most common vocabulary strings into several groups:
- Names: "ahmed", "nguyen", "kumar", "kevin", "daniel".
- Popular words: "forever", "love", "google", "hacker", "gamer".
- Standard passwords: "password", "qwerty12345", "admin", "12345", "team".
The analysis found that only 19% of passwords showed the signs of a strong combination: a non-dictionary word, both uppercase and lowercase letters, as well as numbers and symbols. At the same time, the study found that 39% of those strong passwords could still be guessed by smart algorithms in less than an hour.
“Unconsciously, people often set very simple passwords, often using dictionary words in their mother tongue, such as names and numbers,” said Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky.
Even strong password combinations rarely deviate from this trend, so they remain completely guessable by algorithms. The most reliable solution is therefore to generate a completely random password using a modern, reliable password manager. Such applications can store large amounts of data securely, providing comprehensive and strong protection for user information.
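The sketch below is an added example, not code from Kaspersky or from the article. It shows why a password can satisfy the usual composition rules (upper case, lower case, digit, symbol) and still contain one of the dictionary words listed above, and how a random password is drawn from a cryptographically secure generator instead. The function names, the 8-character minimum, the 20-character length and the character-swap map are assumptions.

```python
import secrets
import string

# Words the article lists as common in leaked passwords.
COMMON_WORDS = {
    "ahmed", "nguyen", "kumar", "kevin", "daniel",          # names
    "forever", "love", "google", "hacker", "gamer",         # popular words
    "password", "qwerty12345", "admin", "12345", "team",    # standard passwords
}

# Assumed map for undoing common character swaps (not from the article).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_composition_rules(pw: str, min_len: int = 8) -> bool:
    """Classic policy: length plus lower, upper, digit and symbol."""
    return (len(pw) >= min_len
            and any(c.islower() for c in pw)
            and any(c.isupper() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))


def dictionary_hits(pw: str) -> list[str]:
    """Return listed words found in pw, with or without swaps undone."""
    lowered = pw.lower()
    candidates = (lowered, lowered.translate(LEET))
    return sorted(w for w in COMMON_WORDS if any(w in c for c in candidates))


def generate_password(length: int = 20) -> str:
    """Draw each character uniformly from the OS CSPRNG via `secrets`."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Redraw in the rare case a listed word appears by chance.
        if meets_composition_rules(pw) and not dictionary_hits(pw):
            return pw


if __name__ == "__main__":
    # The first two samples are constructed for illustration.
    for sample in ("P@ssw0rd2024!", "K3vin#Forever1", generate_password()):
        print(sample, meets_composition_rules(sample), dictionary_hits(sample))
```

Both constructed samples pass the composition rules yet are flagged for embedded dictionary words, while the generated password passes both checks.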
How to prevent
To increase the strength of passwords, users can apply the following simple tips:
- Use tools from cybersecurity companies to manage passwords.
- Use different passwords for different services. This way, even if one of your accounts is hacked, the others are still safe.
- A passphrase, which helps users recover their accounts when they forget their password, is safer when it uses less common words.
- Avoid using personal information, such as birthdays, family members' names, pets, or nicknames, as passwords. These are often the first options attackers will try when cracking a password.
- Turn on two-factor authentication (2FA). While not directly related to password strength, turning on 2FA adds an extra layer of security.
- Use a trusted security solution to improve protection. Such a solution monitors the Internet and the dark web and alerts users if their password has been compromised or needs to be changed.
Source: https://laodong.vn/the-gioi-so/cach-chong-lai-tan-cong-mang-dua-tren-phan-tich-193-trieu-mat-khau-1355556.ldo