Passwords as a means of protecting user data are completely outdated. Any of them can be cracked in a few minutes using cloud computing, and a service for reversing hashed passwords can be found through Google or Yandex in a couple of seconds.
Cracked in a few minutes
Passwords, which have protected user data for years and decades, now struggle to protect users from hacking, The Conversation writes. Its analytical article points out that in today's world cracking a password takes very little time, and passwords can be obtained for a minimal sum.
Armed with a file of passwords of the right length, an attacker can use it to break into an account by brute force. How long this takes depends on the tools and the password length, but with cloud computing, for example, an eight-character password can be cracked in about 12 minutes. According to The Conversation, such a significant time saving costs the cybercriminal only $25 (1910 rubles at the Central Bank rate as of September 23, 2020).
But there are even more affordable ways, in both time and money, to gain access to the right account. There are online services that sell archives of accounts and their passwords, and whoever buys such an archive only needs to find the right combination by searching through a document.
For example, an archive with 593 million e-mail addresses and their passwords can be bought online. The purchase costs only AUD$14.4 (790 rubles).
Hashing is not a panacea
In databases stolen from websites, the passwords are often stored in hashed form (converted using a special algorithm). Trying to authenticate with the hashed value itself will not work.
But even this is no longer a problem. There are many public sites on the Web that instantly convert a hashed password back into a regular password. Moreover, you don't even have to look for them: search engines will do it for you. For example, the password “Pa$$w0rd” hashed with the SHA-1 algorithm looks like “02726d40f378e716981c4321d60ba3a325ed6a4c”. If you enter this string in Google, the first link in the results leads to a site that reverses it. CNews editors confirmed that this also works with Yandex.
Recovering passwords from a hash has become so common that numerous websites have appeared on the Web listing common passwords along with their hashed values. You can enter the desired hash into the search box and get a ready-made password.
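The lookup described above works because an unsalted SHA-1 hash of a given password is always the same string, so it can be precomputed once and indexed. The following Python sketch is an added example, not code from the article or from The Conversation: it audits stored hashes against a table built from the popular passwords the article cites, then shows that a per-user salt with PBKDF2 makes such a table useless. The function names and the iteration count are assumptions chosen for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Popular passwords named in the article; the table itself is constructed here.
COMMON = ["123456", "123456789", "qwerty", "password"]
ITERATIONS = 600_000  # assumption: work factor picked for this example


def sha1_hex(password: str) -> str:
    """Unsalted SHA-1, the storage scheme the article describes."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


# Precomputed hash -> password table, the same idea as the public lookup sites.
LOOKUP = {sha1_hex(p): p for p in COMMON}


def audit_unsalted(stored_hash: str) -> Optional[str]:
    """Return the plaintext if a stored unsalted hash is in the table, else None."""
    return LOOKUP.get(stored_hash.lower())


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted PBKDF2-HMAC-SHA256; a fresh random salt is generated per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


if __name__ == "__main__":
    # Same password, two users: identical under unsalted SHA-1, different when salted.
    print("unsalted lookup:", audit_unsalted(sha1_hex("qwerty")))
    (s1, d1), (s2, d2) = hash_password("qwerty"), hash_password("qwerty")
    print("salted digests equal:", d1 == d2)
    print("verify correct password:", verify_password("qwerty", s1, d1))
```

A salt does not make a weak password strong; it only forces the guessing to be repeated per account, at the cost set by the iteration count.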
No one needs data security
The prevalence of password brute-forcing should have taught users to create the longest and most complex combinations of letters and symbols to protect against hacking. In fact, this is not the case at all. According to SplashData statistics, the three most popular passwords in 2019 were “123456”, “123456789” and, of course, “qwerty”.
The situation with popular character combinations for passwords hasn't changed for years. “123456” has held first place for at least the last five years, and the word “password” consistently occupied second place from 2015 to 2018, dropping to fourth only in 2019.
The problem can be solved
Passwords can no longer ensure the security of users' personal data, but they do not yet have a widely used alternative. As a result, there is only one way to protect your information at least partially: use different passwords on different sites and in different systems.
This approach reduces the probability of all accounts being hacked at once. Besides, the user won't have to hurriedly change passwords on every site where he used a stolen combination. The Conversation also recommends storing all passwords in dedicated password managers, either standalone programs or web services.