What is the ideal formula to avoid hacking?

The world of passwords has its days numbered. However, while various cybersecurity specialists are already betting on other logging methods such as passkeys, passwords continue to be the standard when logging in. And a new study took a sample that shows that 59% of the keys used can be guessed in less than an hour.

Taking 193 million passwords, Kaspersky, a cybersecurity company based in Russia, detected passwords vulnerable to various attack techniques, from brute force (repeatedly trying different passwords) to more sophisticated ones. All with the same result: the theft of a password to impersonate an identity, steal assets or commit different types of cybercrimes.

“Kaspersky telemetry reveals more than 32 million attempts to target users with password-stealing programs in 2023. These figures show the importance of digital hygiene and proper password policies. In June 2024, Kaspersky analyzed 193 million passwords found on various darknet resources. These results show that the majority of the passwords reviewed were not strong enough and could be easily compromised using smart guessing algorithms. Analysts also point out how quickly cyberattacks are able to obtain passwords,” the company explained.

Here, statistics and tips to avoid being violated.

Of those 32 million attempts, these are the statistics for guessing passwords:

• 45% (87 million) in less than 1 minute.

• 14% (27 million) from 1 minute to 1 hour.

• 8% (15 million) from 1 hour to 1 day.

• 6% (12 million) from 1 day to 1 month.

• 4% (8 million) from 1 month to 1 year.

When we say “guessing”, we need to clarify: we are not talking about a user manually trying password by password, but about automated attacks using different methods. Artificial intelligence and automation are not something that is only exploited by those who want to make legitimate use of these tools.

The company explains: “Attackers do not require deep knowledge or expensive equipment to crack passwords. For example, a powerful laptop processor is able to find the correct combination for a password. 8 lowercase letters or digits using brute force in just seven minutes, and modern video cards – in 17 seconds. In addition, intelligent password-guessing algorithms take into account character substitutions (“e” for “3”, “1” for “!” or “a” for “@”) and popular sequences (“qwerty”, “12345”, “asdfg”).”

“Experts found that only 23% of passwords were found to be strong (44 million), as it would take more than a year to compromise them. In addition, most of the passwords examined (57%) contain a dictionary word, which significantly reduces their security,” the study explains.

Among the most repeated passwords, popular words such as “forever”, “love”, “google”, “hacker”, “gamer” were found, and the most detected standard passwords were “password”, “qwerty12345”, “admin”, “12345”, “team”.

“In this sense, the analysis showed that only 19% of all passwords contain the basic elements to achieve a robust combination: a word that is not in the dictionary and a combination of lowercase and uppercase letters, as well as numbers and symbols. In turn, the study revealed that 39% of these passwords could also be guessed in less than an hour using smart algorithms”, agrega Kaspersky.

“Unconsciously, humans create ‘human’ passwords: they contain the dictionary words in their native language, with names and numbers. Even seemingly strong combinations are rarely completely random, so they can be guessed by algorithms. Therefore, the most reliable solution is to generate a completely random password, using current and reliable password managers. These applications can securely store large volumes of data, providing comprehensive and robust protection of user information,” says Yuliya Novikova, Head of Fingerprint Intelligence at Kaspersky.

To avoid being hacked, the following tips can be taken into account:

• It is almost impossible to memorize long and unique passwords for all the services you use, but with a password manager you will only have to memorize one master key.

• Use a password different for each service. That way, even if one of your accounts is stolen, the rest won’t suffer the same fate.

• Passwords can be more secure when used unexpected wordsEven if you use common words, you can arrange them in an unusual order and make sure they are not related. There are also online services that will help you check if a password is strong enough.

• It is best not to use passwords that can be easily guessed from your personal informationsuch as birth dates, names of family members, pets, or your own name. These are often the first attempts of attackers.

• Enable the two-factor authentication (2FA). Although not directly related to password security, enabling 2FA adds an additional layer of security. Even if someone discovers your password, they would still need a second form of verification to access your account. Today’s password managers store 2FA keys and secure them with the latest encryption algorithms.