Your Route to Real News

Change Gmail and Outlook password using ‘phrase rule’ right now, experts warn

19 June 2024 , 15:46
1466     0
The majority of leaked passwords can be guessed in under an hour - so how can users protect their accounts?
The majority of leaked passwords can be guessed in under an hour - so how can users protect their accounts?

HACKERS can unscramble passwords with shocking accuracy, but there are easy steps users can take to be more secure.

Computer security experts at Kaspersky studied passwords leaked onto the dark web and discovered that a majority could be cracked in mere hours.

Computer security experts determined that a majority of passwords leaked onto the dark web could be decoded in an under an hour tdiqtidztihdprw
Computer security experts determined that a majority of passwords leaked onto the dark web could be decoded in an under an hourCredit: Getty

Researchers found that 45% of the 193 million passwords they analyzed - a whopping 87 million - were decoded by their algorithm in less than a minute.

Moreover, 59% could be figured out in under an hour and 67% within a month. Just 23% of passwords would take more than a year to crack.

The experts tested password strength using two methods: brute force attacks and smart-guessing algorithms.

What Ola and James Jordan really ate and did to shed 7stWhat Ola and James Jordan really ate and did to shed 7st

Brute force, the strategy used by most hackers, cycles through all possible combinations of letters, numbers and symbols to finds a match and gain unauthorized access to an account.

Meanwhile, smart guessing algorithms train on a password dataset to calculate the frequency of character mashups and make selections beginning with the most common combinations.

Luckily, experts say there are steps people can take to safeguard their data - and it often begins what knowing what not to do.

Kaspersky says using meaningful words, names, and standard character sequences makes your password easier to guess.

The least secure password would consist entirely of numbers or words.

Instead, users should rely on mnemonic passphrases – this means a string of (often unconnected) words that creates a memorable sentence.

Substituting numbers and symbols for letters within the phrase will make it even less predictable.

Reusing passwords across different sites is strongly discouraged. Not all companies store information securely, meaning a data breach on one site could compromise your accounts across platforms.

John Hammond, a cybersecurity expert, shared several other helpful tips.

Hammond himself examines passwords and data leaked onto the dark web, the "hidden" part of the Internet accessible only through a browser known as The Onion Router.

I'm a 'time traveler' - the 'worst case scenario that could kill us all'I'm a 'time traveler' - the 'worst case scenario that could kill us all'

"I know it's a broken record, but it's because it's the right answer," Hammond told The U.S. Sun.

Users should rely on mnemonic passphrases - memorable strings of words - to best protect their accounts
Users should rely on mnemonic passphrases - memorable strings of words - to best protect their accountsCredit: Getty - Contributor

"Have long, complex passwords. Don't use the same password for every service."

Hammond recommends using a digital password manager to keep data in a safe and secure place.

He also stressed the importance of two-factor authentication, which requires that a user prove their identity in two different ways before gaining access to an account. This may entail sending a passcode to your phone or email address.

"In today's day and age, a lot of the applications like Duo or Google Authenticator or Microsoft Authenticator are ideal," Hammond said, adding that multi-factor authentication provides even more security checkpoints.

The security expert says a secure account will require that a user show three pieces of information before being given access.

"The pedestals for authentication are something that you know, which is traditionally a password; something that you have, which is traditionally your phone for the multi-factor key; and then something you are, like using your biometric fingerprint," he said.

Mackenzie Tatananni

Print page

Comments:

comments powered by Disqus