More Than Half Of Passwords ‘Can Be Cracked In 24 Hours’

Hackers are gaining access to more online accounts than they were previously due to people not using strong passwords, a report has found.

Despite multiple warnings regarding the weakness of many passwords, research from security firm Trustwave found that over half of passwords tested could be cracked in less than 24 hours.

Overall, the firm’s study, which examined 499,556 hashed passwords gathered during thousands of penetration tests performed throughout last year, found that 51 percent of those could be cracked within 24 hours and 88 percent within two weeks.

Weak

The report also found that 39 percent of passwords were eight characters long, which took Trustwave security testers around a day to crack.

The company is recommending lengthier passwords, noting that the estimated time it takes to crack a ten-character password is 591 days.

These weak passwords were also a major factor towards many of last year’s security breaches, as hackers took advantage of poor controls to hack into company networks.

Trustwave’s report found that 28 percent of breaches investigated were as a result of weak passwords, and were a contributing factor, along with weak remote access security, in 94 percent of POS (point of sale) breaches.

The report follows several major security news stories in recent weeks, most notably the hack of password storing site Lastpass earlier this week.

The site, used by customers to securely store multiple passwords, confirmed that attackers had compromised its systems, with data stolen that could allow hackers to guess weak master passwords.

It is thought the attack was helped by attackers gaining access to low-cost cloud computing resources capable of performing powerful attacks on such security measures.

Are you a security pro? Try our quiz!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago