Kaspersky Study Reveals Alarming Weaknesses in Password Security

According to the study, a staggering 45% (87 million) of the examined passwords could be deciphered by scammers within a mere minute using sophisticated algorithms.


Devdiscourse News Desk | Johannesburg | Updated: 20-06-2024 22:44 IST | Created: 20-06-2024 22:44 IST
Country: South Africa

In June 2024, Kaspersky experts undertook a comprehensive study analyzing the vulnerability of 193 million compromised English passwords, sourced from the darknet, to brute-force and smart guessing attacks. The findings, detailed in their research report, highlight critical issues in password security across digital platforms.

According to the study, a staggering 45% (87 million) of the examined passwords could be deciphered by scammers within a mere minute using sophisticated algorithms. Only a fraction—23% (44 million) of the passwords—proved resilient enough to withstand such attacks for over a year.

Kaspersky’s analysis also pinpointed common pitfalls in password creation. A significant majority (57%) of the passwords included at least one dictionary word, drastically reducing their security effectiveness. The study identified popular patterns such as names ("ahmed", "nguyen", "kumar"), common words ("forever", "love", "google"), and standard passwords ("password", "qwerty12345", "admin").

Furthermore, despite the growing awareness of password complexity, only 19% of all passwords analyzed demonstrated signs of robustness, incorporating a mix of non-dictionary words, upper and lower case letters, numbers, and symbols. Alarmingly, even among these supposedly stronger passwords, 39% remained vulnerable to smart guessing attacks, typically within an hour.
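Why a password can satisfy every complexity rule and still be predictable, shown as an added example that is not from Kaspersky's report or tooling: a signup-time check that counts character classes and then looks for embedded common words. The blocklist holds only the words quoted in this article; the substitution table, function names and sample passwords are assumptions constructed for illustration.

```python
import re

# Words this article quotes as common in leaked passwords. A real
# deployment would load a far larger blocklist (assumption).
COMMON_TOKENS = {"ahmed", "nguyen", "kumar", "forever", "love", "google",
                 "password", "qwerty12345", "admin"}

# Typical look-alike substitutions undone before matching (constructed).
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def character_classes(pw: str) -> int:
    """Count which of lower/upper/digit/symbol classes appear."""
    patterns = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(1 for p in patterns if re.search(p, pw))

def embedded_tokens(pw: str) -> list[str]:
    """Blocklisted words found in the password, raw or de-substituted."""
    lowered = pw.lower()
    normalized = lowered.translate(LEET)
    return sorted(t for t in COMMON_TOKENS
                  if t in lowered or t in normalized)

def assess(pw: str) -> dict:
    """Verdict for one candidate password."""
    classes = character_classes(pw)
    tokens = embedded_tokens(pw)
    if tokens:
        verdict = "reject: contains common word"
    elif classes < 4:
        verdict = "reject: low character variety"
    else:
        verdict = "accept"
    return {"classes": classes, "tokens": tokens, "verdict": verdict}

if __name__ == "__main__":
    # Constructed sample inputs, not taken from any leak.
    for candidate in ("Forever2024!", "P@ssw0rd!9", "kumar1985",
                      "vT9#qLx2&Rm7"):
        print(candidate, assess(candidate))
```

The first two samples use all four character classes yet are rejected, because the variety is layered on top of a dictionary word.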

Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky, underscored the human tendency to create predictable passwords, often based on personal information or easily guessable patterns. Novikova emphasized the critical importance of using modern password managers to generate and store truly random passwords securely.

To bolster password security, Kaspersky recommends several practical measures:

Use Unique Passwords: Employ different passwords for each service to mitigate risks associated with account breaches.

Create Strong Passphrases: Utilize unexpected word combinations arranged in unconventional orders to enhance security.

Avoid Personal Information: Refrain from using easily guessable details like birthdays or names of family members.

Password Managers: Utilize reliable password managers like Kaspersky Password Manager to securely store and manage passwords.

Enable Two-Factor Authentication (2FA): Implement 2FA wherever possible to add an additional layer of security.

Monitor Security: Regularly check the integrity of your passwords using tools like Kaspersky Premium, which monitors for compromised credentials on the dark web.

For further insights and detailed findings, refer to the research materials available on Securelist and in the Kaspersky Daily post. Taking proactive steps to enhance password security is crucial in safeguarding personal and sensitive information against evolving cyber threats.
