Kaspersky experts have conducted a study to test the resistance of passwords to intelligent guessing and brute force attacks. The study was conducted on 193 million passwords found publicly on various sources on the darknet.
The results showed that about 87 million passwords (45% of the survey) could be successfully cracked by hackers within 1 minute. 27 million passwords (14%) were cracked by hackers within a period of 1 minute to 1 hour. Only 23% (44 million) of passwords were considered secure because cracking them would take more than 1 year.
Notably, the majority of passwords (57%) contained a word that could easily be found in a dictionary, significantly reducing the strength of the password.
The most common vocabulary strings include some password groups in the form of people's names (admed, nguyen, kumar, kevin, daniel), password groups containing common words (forever, love, google, hacker, gamer) or standard password groups (password, qwerty12345, admin, 12345, team).
The analysis found that only 19% of passwords contained a strong combination of characters, including a non-dictionary word, both upper and lower case letters, numbers and symbols. However, even with these passwords, 39% of them could still be guessed by smart algorithms in less than an hour.
From the above data, experts believe that most of the passwords that users are using are not strong enough and are not secure enough. This has unintentionally created conditions for attackers to easily penetrate accounts. With password guessing tools by trying characters, attackers do not even need to possess specialized knowledge or advanced equipment to be able to crack.
To increase password strength, users should use separate passwords for different services. This way, even if one account is hacked, the others are still safe.
Users should avoid using personal information such as birthdays, family members' names, pets, or nicknames as passwords. These are often the first options attackers will try when cracking passwords.
While not directly related to password strength, enabling two-factor authentication (2FA) adds an extra layer of security. Even if the password is discovered, an attacker would still need two-factor authentication to access the user's account.
Source: https://vietnamnet.vn/hacker-co-the-be-khoa-45-cac-mat-khau-chi-trong-1-phut-2294421.html
![[Photo] The 1st Congress of Phu Tho Provincial Party Committee, term 2025-2030](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/1507da06216649bba8a1ce6251816820)
![[Photo] General Secretary To Lam, Secretary of the Central Military Commission attends the 12th Party Congress of the Army](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/9b63aaa37ddb472ead84e3870a8ae825)
![[Photo] Panorama of the cable-stayed bridge, the final bottleneck of the Ben Luc-Long Thanh expressway](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/391fdf21025541d6b2f092e49a17243f)
![[Photo] President Luong Cuong receives President of the Cuban National Assembly Esteban Lazo Hernandez](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/4d38932911c24f6ea1936252bd5427fa)
![[Photo] Solemn opening of the 12th Military Party Congress for the 2025-2030 term](https://vphoto.vietnam.vn/thumb/1200x675/vietnam/resource/IMAGE/2025/9/30/2cd383b3130d41a1a4b5ace0d5eb989d)
Comment (0)