A Kaspersky study conducted in June 2024 on the robustness of English passwords produced alarming findings. The research analyzed 193 million passwords that had been compromised by infostealers and made available on the darknet. The primary focus of the study was to assess these passwords’ resistance to brute force and smart guessing attacks. The results are a stark reminder of the vulnerabilities many users still face in their digital security practices.
- Rapidly Compromised Passwords: The study revealed that 45% of the analyzed passwords, amounting to 87 million, could be guessed by scammers in less than a minute. This indicates a widespread use of weak passwords that offer minimal protection against even the most basic hacking techniques.
- Strong Passwords in the Minority: Only 23% of the passwords, or approximately 44 million, were deemed strong enough to withstand cracking attempts for over a year. This minority highlights the critical need for improved password creation and management practices among users.
- Common Character Combinations: The research also shed light on the character combinations most commonly used in passwords. While specific details on these combinations were not disclosed, the implication is clear: many users still rely on predictable patterns that can be easily exploited by attackers.
Kaspersky’s telemetry data from 2023 underscores the urgency of this issue. Over 32 million attempts to attack users with password stealers were recorded, illustrating the relentless efforts by cybercriminals to exploit weak password security. These figures emphasize the importance of robust digital hygiene practices and the implementation of stringent password policies.
- Create Strong Passwords: Utilize a mix of uppercase and lowercase letters, numbers, and special characters. Avoid common words, phrases, and easily guessable patterns.
- Use a Password Manager: These tools can help generate and store complex passwords, ensuring each account has a unique and strong password without the need for memorization.
- Enable Multi-Factor Authentication (MFA): Adding an extra layer of security can significantly reduce the risk of unauthorized access, even if a password is compromised.
- Regularly Update Passwords: Change passwords periodically and avoid reusing them across multiple accounts.
- Stay Informed: Keep abreast of the latest security threats and best practices for digital security.
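
As an added illustration (not code from the Kaspersky study), the sketch below sorts passwords into the two time buckets reported above using a worst-case exhaustive-search estimate. The guess rate, the small `COMMON` list and the sample passwords are assumptions constructed for this example; because smart guessing attacks beat exhaustive search on predictable passwords, the estimate is an upper bound on strength.

```python
import string

# Assumed attacker speed in guesses per second (not a figure from the study).
GUESSES_PER_SECOND = 10_000_000_000
MINUTE = 60
YEAR = 365 * 24 * 3600

# Constructed sample of common passwords; a real audit would load a full list.
COMMON = {"password", "123456", "qwerty", "letmein", "iloveyou"}

CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)

def charset_size(password):
    """Size of the smallest class-based alphabet that covers the password."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Characters outside the four ASCII classes: count each distinct one.
    size += len({ch for ch in password if not any(ch in c for c in CLASSES)})
    return size

def bruteforce_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case whole seconds to try every candidate of this length and alphabet."""
    if not password:
        return 0
    # Integer arithmetic avoids float overflow on very long passwords.
    return charset_size(password) ** len(password) // rate

def classify(password):
    """Return 'under a minute', 'over a year' or 'in between'."""
    if password.lower() in COMMON:
        return "under a minute"  # falls to a wordlist regardless of length
    seconds = bruteforce_seconds(password)
    if seconds < MINUTE:
        return "under a minute"
    if seconds > YEAR:
        return "over a year"
    return "in between"

if __name__ == "__main__":
    for pw in ("password", "abc123", "sunshine1", "T7#qLm9!vRx2"):  # constructed samples
        print(f"{pw!r:16} {classify(pw)}")
```

A password such as `sunshine1` lands "in between" only under pure enumeration; a dictionary-plus-digit rule would find it far sooner, which is why the advice above to avoid common words matters more than character mix alone.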