About 65% of Russian user passwords consist of six or eight digits (or lowercase letters and numbers) and are cracked in one minute using machine brute force. socialbites.ca learned this from a study by the RTM Group, a company specializing in information security services, a copy of which is at the disposal of the editors.
As part of the study, RTM Group experts analyzed nearly 50 million username and password pairs that were leaked or sold on the darknet between January 2022 and May 2023. The study was conducted to evaluate the strength of passwords used by small, medium and large businesses as well as ordinary users.
As noted above, often the weakest passwords are used by ordinary users to protect personal accounts. Slightly less frequently, such combinations are found among small business passwords in about 50% of cases. The second half in this niche uses more complex combinations of lowercase and uppercase letters, as well as eight numbers. According to the RTM Group, modern automated selection systems, capable of checking up to 300 billion combinations per second, take a few minutes to “recover” such passwords.
According to experts, the complexity of passwords grows as the scale of companies a person works for. Thus, the strongest passwords were found among employees of companies representing large businesses. However, they only made up 5%. Almost all of them consisted of at least 12 characters, and most of them were special characters (brackets, percentages, currency signs, etc. – ed.).
“The use of complex passwords is affected by the existence of strict security policies in companies that regulate the length and composition of combinations. It takes from a week to several years to crack such passwords, depending on their complexity and length,” he said.
The company believes that the increase in the power of the graphics cards used in this task affects the increase in password cracking speed. A few years ago, an eight-character password consisting of numbers and letters in different states was considered secure, according to the RTM Group. Now such passwords are cracked within hours. The most reliable today are combinations of 16 characters, including special characters. For example, to guess a password like “34”
Formerly Russian-linked Cozy Bear hackers deceived Diplomats in Kiev with the help of BMW ads.