A recent study published by Digital Shadows has highlighted the importance of password strength. In 2022 alone, approximately 24,650,000,000 account usernames and passwords have been accessed by cybercriminals. With the evolution of modern GPUs in combination with weak password protection, the number of accounts exploited will continue to increase. Despite this, a significant amount of people do not implement adequate security practices. Cybercriminals can abuse the compromised usernames and passwords to perform a multitude of account takeover (ATO) attacks. These include accessing bank accounts for purchasing, utilizing social media to issue spam, and to request payments from colleagues or family members.
The Digital Shadows Photon Research team conducted the study to raise awareness on the expanding problem. In 2020, a report was issued by the same team presenting results that demonstrated that approximately 15 billion credentials in circulation. The credentials had been exposed as a result of approximately 100,000 data breaches.Among the 15 billion credentials examined, 5 billion did not have repeated credentials pairs. The latest Digital Shadow report revealed that the number of credentials in circulation increased to 24 billion and the number of unique credentials increased to 6.7 billion. The rapid increase in the number of credentials in circulation is cause for growth within the market for selling those credentials. Cyber criminals may purchase tools for accessing accounts for as little as $4.
The latest study, the researchers conducted an investigation into the amount of time it takes to crack a password. Using the 50 most frequent passwords in the data set of 6.7 billion, the researchers ran the zxcvbn password strength meter. These included 123456, qwerty, and DEFAULT. The study found that passwords with a weak security rating were cracked immediately in 49 of the 50 passwords. Digital Shadows insists on the benefits of adding just one special character to your password. In circumstances where a weak password was used, a hacker could gain access with online throttling after approximately 15 days. However, when a special character was added, online throttling would crack the password after approximately 22,337 days.
Authentication without passwords is said to be the solution to the shortcomings of passwords. However, as we wait for this change the Digital Shadows team recommends that users take several actions to advance the security of their credentials. These include implementing complex passwords, utilizing a password manager, never reusing passwords in multiple platforms, and implementing multi factor authentication.