With minimal expense and a bit of time, passwords can be cracked much faster than expected using a smart brute-force guessing algorithm. A recent analysis by Kaspersky revealed that 59% of 193 million real passwords were cracked in under an hour, with 45% broken in less than a minute.
However, as explained by Antonov from Kaspersky, "smart guessing algorithms are trained on a data set of passwords to determine the frequency of various character combinations, starting with the most common and working down to the rarest."
Although brute-force attacks are popular due to their straightforward approach, they are not the most efficient method for password cracking. Most commonly used passwords contain predictable patterns like dates, names, dictionary words, and keyboard sequences. Incorporating these patterns into the algorithm speeds up the cracking process significantly.
The Kaspersky study demonstrated the advantage of combining brute-force and smart-guessing techniques. Pure brute force cracked 10% of passwords in under a minute, but this success rate jumped to 45% with the addition of smart-guessing. For passwords cracked between one minute and one hour, the success rate increased from 20% to 59%.
Humans are generally not good at creating secure passwords because the choices are rarely random. We tend to use familiar elements that smart-guessing algorithms can easily identify: common names, important dates, and recognizable patterns.
For example, a YouTube channel asked over 200,000 people to pick a 'random' number between 1 and 100, and most chose from a small set of numbers like 7, 37, 42, 69, 73, and 77. Even when attempting to create random character strings, people often stick to the center of the keyboard.
This analysis underscores the importance of creating stronger, less predictable passwords. Using a combination of upper and lower case letters, numbers, and special characters can help enhance password security.
Additionally, implementing multi-factor authentication (MFA) adds an extra layer of protection, making unauthorized access much more challenging. Regularly updating passwords and avoiding reuse of old ones are also essential practices for safeguarding accounts from being easily compromised.
Employing password managers can also aid in generating and storing complex passwords, reducing the reliance on human memory and, thus, the use of predictable patterns.
As cyber threats continue to evolve, staying informed about the latest security practices and adopting proactive measures will be crucial in defending against sophisticated password-cracking techniques.