About 65% of Internet users' passwords consist of six-eight numbers or numbers and lowercase letters; such passwords can be cracked in a minute by using computers that guess password combinations. This is stated in a new study of RTM Group, a company specializing in information security services.
The company's experts analyzed about 50 million pairs of logins and passwords that were leaked or sold on the Darknet between January 2022 and May 2023. Their main goal was to assess how reliable passwords are used by representatives of small, medium and large businesses, as well as ordinary users.
Most often, the weakest passwords are used by "regular" users: in about 65% of cases, their passwords can be cracked in just one minute. A little less often, in about 50% of cases, such simple passwords are used by representatives of small businesses. The remaining 50% at the same time use more complex combinations consisting of eight numbers, lowercase and uppercase letters. True, according to the RTM Group, it takes only a few minutes for even such passwords to be guessed by modern auto-selection systems that can check up to 300 billion combinations per second.
Interestingly, larger companies tend to use more complex passwords. The strongest passwords were found among employees of companies representing large businesses. Such passwords consist of at least 12 characters, most of which are special symbols such as brackets, percentages, currency symbols, etc.
According to experts, the increase in the power of video cards used to crack passwords affects the speed of the task. A few years ago, an eight-digit password consisting of various numbers and letters was considered safe. Now such passwords are cracked within hours. Today, passwords that consist of a 16-character combination, including special characters, are the most reliable. For modern video cards, it would take about 50 billion years to guess such a password.
Let's remind that the PassGAN model of artificial intelligence can crack the password in less than a minute in 51% of cases, in less than 60 minutes in 65% of cases, and in 71% of cases in just 1 day. And it can crack 81% of passwords within a month.
In turn, NordPass and researchers cooperating with it have processed more than 3 TB of data and discovered the 200 most popular passwords. Oddly enough, passwords like "123456", "guest", "qwerty", "abc123" etc. have been found on this list for more than a decade. According to experts, 83% of the passwords on the list can be cracked in less than a second. If you are still using such passwords, it is recommended that you change them as soon as possible.