Passwords are thoroughly obsolete as a way of protecting user information. With cloud storage they can all be guessed in a few minutes, and Google or Yandex will locate a service for decrypting hashed passwords in a few seconds.
Hacking in minutes
Passwords, which have protected user data for years and decades, now hardly defend users from hacks, writes The Conversation. It devoted an empirical piece to this, in which it suggested that password guessing requires very little time and can be done for a minimal sum in the real world.
A hacker armed with a password file of the right length can use it to brute-force an account. This can take a varying amount of time depending on the resources he has and the complexity of the password, but with cloud storage, for example, an eight-character password can be recovered in around 12 minutes. Such a major time saving would cost a cybercriminal just $25 (1910 rubles at the Central Bank exchange rate as of September 23, 2020), according to The Conversation.
But there are also more affordable ways to get access to the right account without wasting time and resources. There are web resources that hold users' records and keys, and anyone who buys such records only needs to locate the combination they need with a quick text search.
For example, on the Internet you can buy an archive with 593 million email addresses and their passwords. Such a purchase will cost only 14.4 Australian dollars (790 rubles).
Hash is not a panacea
Often, in databases of passwords stolen from particular sites, the passwords are stored in hashed form (transformed by a special algorithm). Attempting to authenticate with the hashed value will not produce the desired result.
But even this has now ceased to be a problem. There are many public sites on the web that allow you to instantly convert a hashed password back to the plain one. Moreover, you don’t even have to look for them – search services will do it on their own. For example, the password “Pa$$w0rd”, hashed with the SHA-1 algorithm, looks like “02726d40f378e716981c4321d60ba3a325ed6a4c”. If you enter this string into Google, the very first link in the search results will lead to a decoder site. CNews editors verified that this works with Yandex as well.
Hash decryption is no longer a problem and is carried out directly online
Recovering passwords from hashes has become so widespread that various websites listing popular passwords along with their hashed values have appeared on the Internet. You can paste a hash into the search bar and receive the ready-made password.
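Why the lookup described above works, and what kind of storage defeats it, shown as an added example (not code from CNews or The Conversation): unsalted SHA-1 maps each password to one fixed value, so a table built once answers every leak, while a per-user salt with a slow KDF does not. The candidate list is constructed from the passwords the article names; the function names and the PBKDF2 iteration count are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed sample: passwords named in the article.
COMMON_PASSWORDS = ["123456", "123456789", "qwerty", "password", "Pa$$w0rd"]
PBKDF2_ITERATIONS = 600_000  # assumed work factor for this example


def sha1_hex(password):
    """Unsalted SHA-1: the same password always yields the same 40-hex digest."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def build_lookup_table(candidates):
    """Precompute digest -> password once; it is reusable against any unsalted leak."""
    return {sha1_hex(p): p for p in candidates}


def hash_password(password, salt=None):
    """Hardened storage: random per-user salt plus slow PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest


def verify_password(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def demo():
    table = build_lookup_table(COMMON_PASSWORDS)
    # Unsalted record: one dictionary lookup recovers the password.
    recovered = table.get(sha1_hex("Pa$$w0rd"))
    # Salted records: two users with the same password store different values,
    # so no precomputed table of digests can match either of them.
    salt_a, rec_a = hash_password("Pa$$w0rd")
    _, rec_b = hash_password("Pa$$w0rd")
    return recovered, rec_a != rec_b, verify_password("Pa$$w0rd", salt_a, rec_a)


if __name__ == "__main__":
    print(demo())
```

A salt and a slow KDF remove the precomputed-lookup shortcut but do not rescue a password as common as “123456”, which still falls to direct guessing.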
No one needs data security
The practice of brute-forcing passwords should have led users to learn how to create the longest and most complex combinations of letters and symbols to protect against hacking. In fact, the reality is completely different. In 2019, according to statistics from SplashData, the top three most popular passwords were “123456”, “123456789” and, of course, “qwerty”.
Most popular passwords are not sophisticated
The situation with popular password combinations has not changed over the years. “123456” has held first place for at least the last five years, and the word “password”, which consistently occupied second place from 2015 to 2018, dropped to fourth only in 2019.
Possible solution to the problem
Passwords can no longer ensure the security of user personal data, but they do not yet have a ubiquitous alternative. As a result, there is only one way to protect your information at least partially – you need to use different passwords on different sites and in different systems.
This approach reduces the likelihood of all accounts being hacked at once. In addition, the user does not have to rush to change passwords on every site where he used the stolen combination. The Conversation also recommends storing all passwords in special managers – separate programs or web services.