Top Passwords Can Be Cracked in Under an Hour, Research Reveals

If you're not using strong, random passwords generated by a computer or a reliable password manager, your logins might be compromised in less than an hour, warns new research by Kaspersky.

Kaspersky's recent study on password strength highlights that advances in computer processing power have made it significantly easier to crack passwords.

Improving the algorithm

The researchers used an Nvidia RTX 4090 GPU to test a database of 193 million hashed and salted passwords sourced from the dark web. Their findings are alarming: many eight-character passwords could be cracked in as little as 17 seconds, particularly those composed of same-case English letters and digits.

On average, more than half (59%) of the passwords in the database were cracked within an hour. The study employed various algorithms, including the widely-used brute force attack, which attempts every possible password combination. While brute force is less effective for longer, more complex passwords, it still easily cracked many simple, short passwords.

When using the most efficient algorithm, the researchers managed to guess 45% of passwords within a minute, 59% within an hour, and 73% within a month. Only 23% of the passwords would take more than a year to crack.

To enhance password security, Kaspersky advises using random, computer-generated passwords, avoiding meaningful words and names, and checking password strength with reputable password managers. Additionally, they recommend ensuring your passwords aren't part of leaked databases by using services like HaveIBeenPwned? and using unique passwords for different websites.