A new study by Red9, an American company specializing in SQL (Structured Query Language), or in plainer terms, the language used to communicate with a database, has just revealed the passwords most frequently cracked during brute-force attacks.
And unfortunately, for several years now, itâ??s always been the same money!
Top of the list is 123456, followed by 123456789, the timeless "qwerty" and, in fourth place, the hopeless "password". The rest of the list still lacks originality, with 12,345,678, 111,111, "qwerty123", "1q2w3e", 1,234,567, 1,234,567,890.
Here's something to make life easier for black hats , these malicious hackers, and give some cause for concern to companies facilitating teleworking.
A 2022 study by the American Ponemon Institute revealed that for 70% of organizations surveyed, the risk of cyber-attack had increased with the switch to teleworking. No doubt due to a lack of vigilance, as Sosafe, a German platform also dedicated to cybersecurity, indicates that employees would click three times more often on malicious e-mails when working from home.
An eight-character password cracked in a second
Vulnerable passwords such as the most common six-character ones can be cracked at lightning speed. On the IT. Connect website dedicated to computer tutorials and courses, it is stated that an eight-character password comprising numbers, lowercase, uppercase and special characters resists decryption by software between twelve minutes and four hours. Today, an AI like ChatGPT takes just one second. A combination of 13, 14 or even 16 characters (except, of course, a sequence of numbers...) would be the most effective weapon against brute-force attacks.
Commenting on the results of Red9's study, Mark Varnas, founder of the company, states: "The results underline the importance of increasing awareness of password security, as some commonly used passwords continue to present significant vulnerabilities. Using a combination of upper and lower case letters, numbers and special characters, and avoiding easy-to-guess information such as names and dates of birth, can significantly strengthen password resilience against unauthorized access. Updating passwords regularly and refraining from using identical passwords on multiple accounts further strengthens your defense against potential security threats."
