According to NordPass, hackers who use brute force attacks can easily compromise accounts with weak passwords.
Passwords have become a necessary evil, especially for people who use dozens or hundreds of apps, websites, and other services. If you follow the usual rules and create a secure, complex password for each account, you cannot manage them all yourself. If you break the rules and use the same weak passwords for all or most of your accounts, you risk having those accounts compromised by hackers.
But how vulnerable are you when you use weak or popular passwords? New research by the password manager NordPass shows how quickly a hacker can crack a popular password.
According to NordPass, around 70% of the world's most popular passwords can be cracked in less than a second. The passwords the company refers to are 9 of the 10 most popular passwords used in 2019. The following table lists the passwords, the time it takes to crack each one, and the number of times each has been exposed in data breaches.
| Password | Time to crack | Times exposed |
| --- | --- | --- |
| 12345 | Less than a second | 2,380,800 |
| 123456 | Less than a second | 23,547,453 |
| 123456789 | Less than a second | 7,799,814 |
| Test1 | Less than a second | 13,518 |
| Password | Less than a second | 130,999 |
| 12345678 | Less than a second | 2,938,594 |
| zinch | Less than a second | 14 |

g_czechout12,83
Hackers can try a number of tricks to get passwords for online accounts. However, the most common method is the brute force attack, in which automated tools do the dirty work. In this scenario, cybercriminals gain access to certain account information through a data breach. Most websites, at least the secure ones, don't save your passwords in plain text. Rather, your passwords are saved using an encryption algorithm. In this case, the hackers learn the names, email addresses, street addresses, phone numbers and other data for each compromised account. The password is the only missing element.
To crack your password, hackers may first use a brute force attack tool to go through all common and popular passwords. Next, they may search your other account information for clues to your password. Some cracking tools can vary these details by adding extra data such as numbers or special symbols.
Hackers can also translate words into Leetspeak, which converts letters into numbers or special characters. For example, the word "password" could become "p422W0Rd". They can also use rainbow tables that try to match plain text passwords to their hash values. Hackers also look for other breached online accounts of yours to determine whether you have reused the same password. The weaker your password, the more vulnerable your account is to compromise.
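The variations described in the two paragraphs above (appended numbers or symbols, Leetspeak, details taken from the account) can be screened for when a password is set. The following Python check is an added example, not code from NordPass or the original article: it reduces a candidate password to its base forms and rejects it if one matches a blocklist or contains an account detail. The blocklist (the passwords from the table), the substitution map, the four-character token minimum and the sample account fields in the comments are assumptions made for illustration.

```python
import re

# Constructed blocklist: the passwords named in the table, lowercased.
COMMON = {"12345", "123456", "123456789", "test1", "password",
          "12345678", "zinch", "g_czechout"}

# Assumed Leetspeak map, digits/symbols back to letters. "2" -> "s" and
# "4" -> "a" cover the article's "p422W0Rd" example.
LEET = str.maketrans({"4": "a", "@": "a", "2": "s", "5": "s", "$": "s",
                      "0": "o", "3": "e", "1": "i", "!": "i", "7": "t"})

# Leading/trailing runs of digits and symbols ("password2019!" -> "password").
AFFIX = re.compile(r"^[\W\d_]+|[\W\d_]+$")


def screen_password(password, account_fields=()):
    """Return reasons to reject `password`; an empty list means no rule fired."""
    raw = password.lower()
    stripped = AFFIX.sub("", raw)
    # Compare every reduced form, since de-leeting would mangle "123456".
    forms = {raw, stripped, raw.translate(LEET), stripped.translate(LEET)}
    reasons = []
    if forms & COMMON:
        reasons.append("variant of a common password")
    # Tokens from name, email, phone, etc. (hypothetical fields), 4+ chars.
    tokens = {t for field in account_fields
              for t in re.split(r"[^a-z0-9]+", field.lower()) if len(t) >= 4}
    hits = sorted(t for t in tokens if any(t in form for form in forms))
    if hits:
        reasons.append("contains account detail: " + ", ".join(hits))
    return reasons


if __name__ == "__main__":
    fields = ("Alice Moreno", "alice.moreno@example.com")  # constructed sample
    for candidate in ("p422W0Rd", "Password2019!", "M0ren0!1987", "vT9#qL2m!xR8"):
        print(candidate, "->", screen_password(candidate, fields) or "accepted")
```

An empty result only means none of these rules fired; it says nothing about whether the password has appeared in a breach.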
"Millions of people still use generic, popular, and widely used passwords," said Chad Hammond, security expert at NordPass, in a press release. "While these may be easier to remember, people do hackers a big favor by using them because it only takes a second to crack such a weak password."
To help protect your online accounts and passwords, Hammond has provided the following tips:
Use a password generator. "Password generators are great tools for generating complex passwords in a matter of seconds," said Hammond. "Unfortunately, they are still underutilized. Recent research by Kaspersky suggests that a whopping 83% of respondents invent their passwords instead of using a tool that does it for them."
Go through all of your accounts and delete those you no longer use. If a small, obscure website is breached, you may never know about it. Use a website like haveibeenpwned.com to determine if your email has ever been compromised.
If possible, use two-factor authentication (2FA). Regardless of whether it's an app, biometric data, or a hardware security key, your accounts are much more secure if you add this extra layer of protection.
Check each of your accounts regularly for suspicious activity. If you notice anything unusual, change your password immediately.