Hackers share passwords they can crack in 60 seconds - and millions have them

A worrying report from Kaspersky has revealed that millions of commonly used passwords can be cracked in less than a minute. The security experts analysed a database of 193 million passwords found on the Dark Web to see if recent advances in computer processing power could make it easier to crack passwords.

According to data from Kaspersky, hackers attempted to break into passwords 32 million times last year alone. This figure is expected to rise as brute-forcing passwords becomes increasingly easy with the latest algorithm and hardware.

To attempt to crack the database of 193 million passwords discovered on the Dark Web, Kaspersky researchers utilised a combination of the latest algorithms and an Nvidia RTX 4090 GPU worth £1,549. All of the stored passwords were hashed and salted, meaning researchers still needed to correctly guess them to gain access.

Read more: Martin Lewis shares summer holiday advice

Researchers found that if your password has 8 characters or fewer, it could be cracked in just 17 seconds. Most of these passwords consisted of either all lowercase or uppercase English letters with a few numerical digits, highlighting the importance of using special characters, like symbols, to make your password more difficult to crack.

In total, 45% of all passwords analysed from the database - 87 million - could be guessed within a minute.

The majority of the passwords analysed by researchers contained at least one dictionary word, significantly weakening their security and making them more vulnerable to brute force attacks.

As researchers cracked millions of passwords, clear patterns emerged. To ensure a strong, unique password that protects your account, steer clear of these common choices:.

Popular Words.

- forever.

- love.

- google.

- hacker.

- gamer.

Common Names.

- daniel.

- kevin.

- ahmed.

- nguyen.

- kumar.

Standard Passwords.

- password.

- qwerty12345.

- admin.

- 12345.

- team.

Hackers' sophisticated algorithms can guess passwords with character substitutions, such as replacing "a" with "@" or "e" with "3" so avoid this predictable strategy.

With advanced brute-force algorithms, researchers broke 59% of 193 million passwords in just an hour, and 73% within a month.

Only 23% of passwords from a Dark Web database would take over a year to crack.

Kaspersky's security experts commented on their findings: "Unconsciously, humans create 'human' passwords - using dictionary words from their native language, names, numbers, etc., things our busy brains can easily remember."

"Even seemingly strong combinations are rarely completely random, so they can be guessed by algorithms. Given that, the most dependable solution is to generate a completely random password using modern and reliable password managers."