If you're not using random computer-generated passwords or one of the best password generators, chances are your logins can be cracked within an hour, research warns.
A recent Kaspersky report on password security noted that advances in computer processing power have made cracking passwords much easier.
In their experiment, the researchers used a database of 193 million passwords obtained from the dark web. These were hashed and salted, meaning the researchers still had to guess them.
Improving the algorithm
The researchers then used an Nvidia RTX 4090 GPU and tried to estimate the time needed to crack the passwords using different algorithms.
The gist of the research is that some eight-character passwords can be cracked in just 17 seconds. These passwords were composed of same-case English letters and digits, or 36 combinable characters. Looking at the entire database, it took researchers less than an hour to crack more than half (59%) of the passwords.
The researchers tested different algorithms, including the very popular brute force attack. This method tries all possible password combinations, and while it is less effective for longer passwords and those with various character types, it was still able to crack many short, simple passwords easily. Then they tried to improve brute force by making it consider certain combinations of characters, words, names, dates, and sequences.
Using the most efficient algorithm, the researchers guessed 45% of passwords in one minute, 59% in one hour, and 73% in one month. Only a quarter (23%) of passwords would take more than a year to crack.
To better protect accounts, Kaspersky recommends users opt for random, computer-generated passwords, avoid meaningful words and names in passwords, and verify password strength with the best password managers.
Finally, it recommends users ensure that passwords are not included in leaked databases by checking HaveIBeenPwned? and make sure they are using unique passwords for different websites.
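The two recommendations above, as an added example that is not from Kaspersky's report or the original article: it generates a random password from the operating system's CSPRNG, compares its entropy with the 8-character, 36-symbol case, and checks a password against a Pwned Passwords range response without sending the full hash. The function names are illustrative, and the response body and its counts are constructed so the code runs offline.

```python
import hashlib
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols

def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))

def entropy_bits(length, alphabet_size):
    """Bits of entropy of a uniformly random password (keyspace = 2**bits)."""
    return length * math.log2(alphabet_size)

def hibp_prefix_suffix(password):
    """Split the SHA-1 digest for a range query: only the 5-character prefix
    is sent (to https://api.pwnedpasswords.com/range/<prefix>)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_body):
    """Find our suffix in a range response body of SUFFIX:COUNT lines."""
    _, suffix = hibp_prefix_suffix(password)
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

# Constructed response body (counts are made up) so the example runs offline.
SAMPLE_BODY = "\r\n".join([
    "0" * 35 + ":3",
    hibp_prefix_suffix("password")[1] + ":9",
])

if __name__ == "__main__":
    print(f"8 chars from 36 symbols: {entropy_bits(8, 36):.1f} bits")
    print(f"16 chars from 94 symbols: {entropy_bits(16, len(ALPHABET)):.1f} bits")
    candidate = generate_password()
    print("generated password in sample response:", breach_count(candidate, SAMPLE_BODY))
    print("'password' in sample response:", breach_count("password", SAMPLE_BODY))
```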