Most passwords cracked in less than an hour, and many in just one minute | Technologies

“People are very vulnerable.” This was stated by Yulia Novikova, head of Fingerprint Intelligence at cybersecurity company Kaspersky, after an exhaustive study of 193 million passwords found that only two in 10 were secure. Most of them can be learned in an hour, and many of them in just a minute. And the cost is minimal, channels dark web (the network hides convincing information from search engines…

“People are very vulnerable.” This was stated by Yulia Novikova, head of Fingerprint Intelligence at cybersecurity company Kaspersky, after an exhaustive study of 193 million passwords found that only two in 10 were secure. Most of them can be learned in an hour, and many of them in just a minute. And the cost is minimal, channels dark web (a network hidden from regular search engines) and Telegram, where cybercrime weapons are sold, offer all-inclusive packages: programs, cloud servers and data on potential victims for only 80 euros per week.

“Our data is like our houses. Will you leave it open for entry?” asks Lilian Balatsu, an expert in artificial intelligence linguistics and a PhD in cognitive neuroscience from Bangor University, during a meeting with a cybersecurity firm in Athens. The answer, after researching Kaspersky, is yes, we leave the house open half the time.

Novikova explains that 40% of attacks (a third of them involve kidnapping and extortion) begin with a hacked account. Employees and company suppliers who have usernames and passwords to work admit that they violate corporate security rules out of boredom or completing their tasks without further complications.

Thus, house key owners abuse it and leave the lock unlocked or allow themselves to be copied more than once 21% of the time. “Human error is the main cause of incidents,” warns Novikova, adding that 10 million systems were infected last year, which is 32% more than at the beginning of the decade.

According to Kaspersky Lab, 45% of passwords are cracked in less than a minute, 14% in less than an hour, and another 14% in a day or less than a month. Thus, only a little more than two out of every 10 access keys to critical systems are secure.

Others use names, common words or dictionary terms which, even if modified with numbers or symbols replacing letters, are easily vulnerable. There is no pirate behind me(hacker) spend their time deciphering them. “Cybercriminals are very creative, but at the same time lazy,” says a security firm expert, noting that cyberattack weapons sales channels already offer €80 a week subscription packages that include not only databases of vulnerable victims, but also programs and servers to be able to run them without their own infrastructure. These systems can even break multi-factor authentication protocols, which only allow a user access if they provide two or more different proofs of their identity.

Solutions

Marco Preuss, deputy director of the Global Research and Analysis Team (GReAT) and head of the European Kaspersky Research Center, is wary even of biometric identification systems, which, in his opinion, also involve the use of personal information.

As such, the experts at the Athens meeting favor a generalization of password managers—programs that can securely store unique users and passcodes and even reliably generate them for each use.

In addition, the most effective tactics are: use different passwords for each service so that if stolen, only one account is compromised, use unusual words or mix them, check the strength of the chosen one using online services. , prevent them from responding to personal information that hackers might have access to (such as personal names and dates accessible through social media), and enable two-factor authentication (2FA).

Rafael Conde del Pozo, Softtek’s chief innovation officer, adds another element of risk: phones. As he explains, “mobile devices have become an extension of ourselves and require comprehensive protection against emerging vulnerabilities.”

In this sense, he proposes to provide them with advanced biometric authentication systems popular in mobile payments; behavioral, which analyzes patterns that do not suit the user; and artificial intelligence to detect anomalies, encrypt data and restrict access.

In terms of mobile vulnerabilities, Check Point’s Threat Intelligence division has identified several campaigns that use Rafel RAT, an open-source tool for Android devices designed for security campaigns. phishing (deception) through messages and conversations in order for the user to install malicious applications disguised under a fictitious name and icon. They request advanced permissions, display legitimate web pages or imitate them, and then secretly track the device to steal data.

Security measures affect all types of programs, including social networking applications. The same security company, after detecting illegal access via direct messages on TikTok, recommends setting strong passwords, setting up two-factor authentication through the network security page to enable the “log in with verification” feature, and reporting any strange activity. A vulnerability in this network recently affected the accounts of media outlets and popular personalities.

You can follow El Pais Technology V Facebook And X or register here to receive our weekly newsletter.