- Kaspersky researchers found that most passwords can be cracked in less than a minute
- Researchers used a GPU to crack real-world passwords on the dark web
- Most passwords can be cracked in less than an hour
Using real samples collected from the dark web, Kaspersky researchers tested the time it takes to crack most passwords and found that almost half of the world’s passwords can be cracked in less than a minute.
Furthermore, the study shows that in one hour, this number rises to three out of five passwords.
Armed with this knowledge, the researchers then explored what differentiates a strong password from a weak password.
Broke in less than a minute
The Kaspersky research team gathered a dataset of 231 million unique passwords leaked on the dark web between 2023 and 2026 and, using a single RTX 5090 GPU, determined how long it would take a persistent hacker to crack most MD5 hashing algorithm passwords.
The results showed that 48% of the world’s passwords can be cracked in less than a minute, 60% in less than an hour, and 68% in less than 24 hours.
But that’s just one threat actor with a single GPU. If the attacker turns to renting GPU computing power online, for just a few dollars an hour, they can rent multiple GPUs to crack passwords even faster.
The main obstacle to quickly cracking a password is its length. If a password is less than 8 characters long, it often takes less than 24 hours to crack. The gold standard is 15+ characters, but make sure there isn’t just character variation.
If you want to add extra hours to your password cracking time, add some numbers. But don’t use your year of birth, and especially don’t use “1234”. Using a special character can help, but Kaspersky found that the “@” symbol is by far most people’s choice, appearing in one in ten passwords.
Kaspersky also found that more than half of the passwords in its dataset had already been exposed, showing the extent of password reuse.
To best protect your passwords and online accounts, you can take certain concrete steps:
- Use a reputable password manager to generate and store your credentials
- Never write your passwords as plain text.
- Don’t use browser storage for your passwords, they can be extracted almost instantly by malware.
- Where possible, use a password instead of a password. They are more secure and resistant to phishing.
- Whenever you can, use multi-factor authentication (MFA) to secure your accounts. Even if an attacker knows your username and password, MFA can prevent them from gaining access.
The best password manager for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds.
