Password without Future! New GPUs open 59% of all passwords on the web in less than an hour

RHC editorial team: June 19, 2024 2.51 pm

The power of modern computers continues to grow, making it possible to solve increasingly complex problems more quickly. One of the side effects of this phenomenon is the possibility of hacking those passwords that only a few years ago seemed unavoidable.

A recent study by Kaspersky Lab found that an RTX 4090 graphics card can guess an eight-digit password made up of letters and numbers in just 17 seconds. And over half of all passwords used in cyberspace (59%) can be breached in less than an hour.

To authenticate users, websites store the login-password pairs as hashes rather than plain text. Hashes protect passwords from loss by adding a salt before the hash to prevent the use of rainbow tables. Despite the irreversibility of hashes, an attacker who manages to access a leaked database can try to guess passwords using ready-made tools, which are publicly available.

The study analyzed 193 million leaked passwords available on various dark web sites. The passwords were not collected or stored by Kaspersky Lab itself. Various algorithms have been used to estimate the time required to crack a password using brute force methods, including dictionary attacks and brute force attacks on common character combinations.

The brute force method is simple and straightforward: the computer tries all possible passwords until it finds the correct one. This approach is less effective for long passwords. The cracking time directly depends on the length of the password and the number of character types it contains.

The most popular passwords (28%) include uppercase letters, special characters and numbers. Most of these passwords are difficult to crack using brute force methods: about 5% can be guessed in a single day, but the remaining 85% take more than a year to guess.

Passwords that contain only letters, numbers, or special characters are the least strong. Most of these passwords can be cracked within a day. Statistics showed that strong passwords consisting only of letters began with 11 characters, while there were no strong passwords consisting only of numbers in the sample.

There are algorithms that optimize the hacking process, taking into account the most common character combinations such as “12345” or “qwerty”. For example, the algorithm zxcvbn estimates the complexity of a password by determining its pattern and calculating the number of iterations needed to crack it.

The study used various optimized algorithms such as 3gram_seq and ngram_opt_corr. These methods take into account the probability of subsequent characters appearing based on previous ones. Optimized algorithms can provide a significant advantage in hacking speed.

The study revealed that 45% of all passwords can be guessed in less than a minute, 59% in less than an hour and 73% in less than a month. He is alone 23% of passwords take more than a year to crack.

The majority (57%) of passwords contain a dictionary word, which significantly reduces their strength. Half of these passwords can be cracked in less than a minute, and 67% in less than an hour. Only 12% of these passwords are strong enough.

Modern GPUs they are capable of cracking passwords at incredible speed. To protect your accounts, you We recommend using random, computer-generated passwords. Otherwise it is recommended to use long passwords that include uppercase and lowercase letters, numbers and special characters, avoiding dictionary words.

Additionally, it’s a good idea to check the strength of your passwords using specialized tools. If they show that your password is weak, you should change it. Additionally, all important accounts must have two-factor authentication set up, so that even if your password is stolen or guessed, hackers will not be able to access your data.

Furthermore, and we will never tire of saying it, the use of Multi Factor Authentication where possible is always the wisest choice today.