what is the ideal formula to avoid hacking

The world of has its days numbered. However, while various cybersecurity specialists are already betting on other logging methods such as passkeys, passwords continue to be the standard when logging in. And a new study took a sample that shows that 59% of the keys used can be guessed in less than an hour.

Taking 193 million passwords, Kaspersky, a company specialized in cybersecurity based in Russia, detected keys vulnerable to various attack techniques, from brute force (repeatedly trying different keys) to more sophisticated ones. All with the same result: the theft of a password to impersonate, steal assets or commit different types of cybercrimes.

“Kaspersky telemetry reveals more than 32 million attempts to attack users with password-stealing programs in 2023. These figures show the importance of digital hygiene and proper password policies. In June 2024, Kaspersky analyzed 193 million passwords found on various darknet resources. These results demonstrate that most of the passwords reviewed were not strong enough and could be easily compromised using intelligent guessing algorithms. Analysts also indicate the speed with which cyberattacks allow passwords to be obtained,” the company explained.

Here, statistics and tips to avoid being violated.

Of those 32 million attempts, these are the statistics for guessing passwords:

• 45% (87 million) in less than 1 minute.

• 14% (27 million) from 1 minute to 1 hour.

• 8% (15 million) from 1 hour to 1 day.

• 6% (12 million) from 1 day to 1 month.

• 4% (8 million) from 1 month to 1 year.

When we say “guess”, we must clarify: it is not about a user manually testing key by key, but rather automated attacks with different methods. And artificial intelligence and automation is not something used only by those who want to make legitimate use of these tools.

The company explains: “Attackers do not require deep knowledge or expensive equipment to crack passwords. For example, a powerful laptop processor is able to find the correct combination for a password. 8 lowercase letters or digits using brute force in just seven minutes, and modern video cards – in 17 seconds. In addition, intelligent password-guessing algorithms take into account character substitutions (“e” for “3”, “1” for “!” or “a” for “@”) and popular sequences (“qwerty”, “12345”, “asdfg”).”

“Experts found that only 23% of passwords were found to be strong (44 million), as it would take more than a year to compromise them. In addition, most of the passwords examined (57%) contain a dictionary word, which significantly reduces their security,” the study explains.

Among the most repeated passwords, popular words such as “forever”, “love”, “google”, “hacker”, “gamer” were found, and the most detected standard passwords were “password”, “qwerty12345”, “admin”, “12345”, “team”.

“In this sense, the analysis showed that only 19% of all passwords contain the basic elements to achieve a robust combination: a word that is not in the dictionary and a combination of lowercase and uppercase letters, as well as numbers and symbols. In turn, the study revealed that 39% of these passwords could also be guessed in less than an hour using smart algorithms“Kaspersky adds.

“Unconsciously, humans create ‘human’ passwords: they contain dictionary words in their native language, with names and numbers. Even seemingly strong combinations are rarely completely random, so they can be guessed by algorithms. Therefore, the most reliable solution is to generate a completely random password, using . These applications can securely store large volumes of data, providing comprehensive and robust protection of user information,” says Yuliya Novikova, Head of Digital Fingerprint Intelligence at Kaspersky.

To avoid being hacked, you can take into account the following tips:

• It’s almost impossible to memorize long, unique passwords for all the services you use, but with You will only have to memorize a master key.

• Use a password different for each service. That way, even if one of your accounts gets stolen, the rest won’t suffer the same fate.

• Passwords can be more secure when used unexpected wordsEven if you use common words, you can arrange them in an unusual order and make sure they are not related. There are also online services that will help you check if a password is strong enough.

• It is best not to use passwords that can be easily guessed from your personal information, such as dates of birth, names of family members, pets or your own name. These are usually the attackers’ first attempts.

• Enable the Two-factor authentication (2FA)While not directly related to password security, enabling 2FA adds an extra layer of security. Even if someone discovers your password, they would still need a second form of verification to access your account. Today’s password managers store 2FA keys and secure them with the latest encryption algorithms.