Scammers can crack 45% of passwords within a minute, employing brute force or smart guessing tactics, according to a warning from security firm Kaspersky.
Kaspersky analyzed the resilience of 193 million English passwords found on the darknet, revealing that 87 million of these could be compromised in under 60 seconds. An additional 14% could be cracked in less than an hour, while only 23% would remain secure for more than a year.
A significant portion of passwords—57%—include a dictionary word, greatly diminishing their strength. Many individuals opt for names or commonly used terms such as “love” and “gamer,” while others revert to predictable choices like “password” and “12345.”
Only 19% of the passwords exhibit characteristics of a strong combination, which includes non-dictionary words, a mix of lowercase and uppercase letters, as well as numbers and symbols. Yet, 39% of these stronger passwords can still be guessed by smart algorithms in under an hour.
Kaspersky emphasizes that attackers do not need extensive knowledge or expensive gear to crack passwords. A powerful laptop can discover the correct combination for an eight-character password composed of lowercase letters or digits in just seven minutes. In contrast, modern graphics cards can achieve the same in only 17 seconds.
Yuliya Novikova, head of digital footprint intelligence at Kaspersky, observes, “Humans tend to create ‘human’ passwords that incorporate dictionary words in their native languages, names, and numbers. Even seemingly strong combinations are seldom entirely random, making them susceptible to algorithmic guessing.”
To enhance security, the most reliable strategy is to generate completely random passwords using trustworthy password managers.
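The following is an added example, not code from Kaspersky or the original article. It derives the guess rates implied by the seven-minute and 17-second figures above, assuming "lowercase letters or digits" means a 36-symbol alphabet, and compares that eight-character case with a 16-character password drawn uniformly at random, the way a password manager generates one. The function names and the 94-symbol alphabet are choices made for this illustration.

```python
import math
import secrets
import string

# Assumption: "lowercase letters or digits" is read as a 36-symbol alphabet.
PAGE_KEYSPACE = 36 ** 8
# Guess rates implied by the article's figures (whole keyspace in 7 min / 17 s).
# Real rates depend on how the password is stored (hash function, work factor).
LAPTOP_RATE = PAGE_KEYSPACE / (7 * 60)
GPU_RATE = PAGE_KEYSPACE / 17

# Upper, lower, digits and ASCII punctuation: 94 symbols.
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def generate_password(length=16, alphabet=ALPHABET):
    """Draw every character independently from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password.

    This does not apply to human-chosen passwords, which are far less
    random than their length and character mix suggest.
    """
    return length * math.log2(alphabet_size)


def exhaustive_search_seconds(length, alphabet_size, guesses_per_second):
    """Worst-case time to try every candidate at a fixed guess rate."""
    return alphabet_size ** length / guesses_per_second


def years(seconds):
    return seconds / (365 * 24 * 3600)


if __name__ == "__main__":
    print(f"implied GPU rate: {GPU_RATE:.3g} guesses/s")
    print(f"8 chars, 36 symbols: {entropy_bits(8, 36):.1f} bits, "
          f"{exhaustive_search_seconds(8, 36, GPU_RATE):.0f} s on GPU")
    pw = generate_password()
    t = exhaustive_search_seconds(len(pw), len(ALPHABET), GPU_RATE)
    print(f"16 random chars, 94 symbols: {entropy_bits(16, 94):.1f} bits, "
          f"{years(t):.3g} years on GPU")
```

The entropy and search-time figures hold only for passwords generated this way; a password built from dictionary words falls to guessing long before the full keyspace is searched.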