Only 23% of passwords would resist hackers for more than a year
In June 2024 «Kaspersky Lab» analyzed 193 million passwords found publicly available on darknet resources and found that almost half of them (45%, or 87 million) could be guessed by scammers in less than a minute.
Most passwords can be easily cracked using smart algorithms: to select 14% of them (27 million) scammers will need no more than an hour, 8% (15 million) — no more than a day. Smart selection algorithms can take into account the replacement of characters («e» by 3, 1 by !, «a» by @) and know popular combinations ( qwerty, 12345, asdfg).Only 23% (44 million) of the combinations turned out to be strong enough: it would take more than a year to crack them.
Most of the analyzed passwords (57%) contain an existing dictionary word, which significantly reduces their resistance to cracking. Most often people use names (ahmed, nguyen, kumar, kevin, daniel), popular words (forever, love, google, hacker, gamer, password, admin, team), and common combinations (qwerty12345, 12345) as passwords.
Head of Kaspersky Digital Footprint Intelligence Service «Kaspersky Lab» Yulia Novikova explained:
For password guessing, attackers do not require deep knowledge or expensive equipment. Computing power can be rented in cloud services; large budgets are not required for this. Fraudsters often use special programs to steal credentials — infostealers. According to our team’s research, over the past five years, they have been used to compromise logins and passwords for 443 thousand sites around the world, and in the .ru zone, 2.5 million pairs of logins and passwords were stolen in the same way.  ;