More Than Half Of Passwords ‘Can Be Cracked In 24 Hours’

Trustwave Global Security Report shows shocking state of password security around the world

Hackers are gaining access to more online accounts than they were previously due to people not using strong passwords, a report has found.

Despite multiple warnings regarding the weakness of many passwords, research from security firm Trustwave found that over half of passwords tested could be cracked in less than 24 hours.

Overall, the firm’s study, which examined 499,556 hashed passwords gathered during thousands of penetration tests performed throughout last year, found that 51 percent of those could be cracked within 24 hours and 88 percent within two weeks.


SQL-username-passwordThe report also found that 39 percent of passwords were eight characters long, which took Trustwave security testers around a day to crack.

The company is recommending lengthier passwords, noting that the estimated time it takes to crack a ten-character password is 591 days.

These weak passwords were also a major factor towards many of last year’s security breaches, as hackers took advantage of poor controls to hack into company networks.

Trustwave’s report found that 28 percent of breaches investigated were as a result of weak passwords, and were a contributing factor, along with weak remote access security, in 94 percent of POS (point of sale) breaches.

The report follows several major security news stories in recent weeks, most notably the hack of password storing site Lastpass earlier this week.

The site, used by customers to securely store multiple passwords, confirmed that attackers had compromised its systems, with data stolen that could allow hackers to guess weak master passwords.

It is thought the attack was helped by attackers gaining access to low-cost cloud computing resources capable of performing powerful attacks on such security measures.

Are you a security pro? Try our quiz!