According to a recent study, hackers continue to advance in their password cracking techniques. The simplest passwords can be found in an instant, and ten-character combinations in a few days.
It is the dread of every Internet user. But contrary to what one might think, having your mailbox or Netflix account hacked is not just bad luck. In reality, many of us make it easier for hackers by using passwords that are far too simple and therefore easy to guess.
It should be understood that hackers do not spend hours in front of their screen trying to find your secret password manually. That said, they could, because certain combinations such as “123456”, “azerty” or even more simply “password” were still widely used last year, according to statistics from the NordPass site.
Today, most sites ask users to strengthen their login passwords by using a mix of lowercase, uppercase, numbers and special characters. Moreover, they do not store the passwords directly on their servers but transform them with a technique called "hashing", in which an algorithm turns the password into a fixed string that cannot simply be reversed. So if your password is "password", it will be stored as "5f4dcc3b5aa765d61d8327deb882cf99". There are several hashing methods, and therefore the same password may have different encodings depending on the methods used by the sites.
This precaution forced hackers to employ other strategies. One of the most widespread is "brute force": software that tests a huge number of candidate passwords, starting with the most basic, until the hash of one of them matches the value stored by the site. Depending on the complexity of the password, this takes more or less time.
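The stored value quoted above is the unsalted MD5 digest of "password". The Python sketch below is an added example, not part of the original article: it reproduces that value, shows that another algorithm gives a different encoding, audits a stored digest against the three weak passwords the article names, and contrasts this with salted, slow storage. PBKDF2-HMAC-SHA256, the 200,000 iteration count and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# The three weak passwords named in the article, used as a tiny blocklist.
COMMON = ["123456", "azerty", "password"]

def digest(password: str, algorithm: str) -> str:
    """Hex digest of a password under a fast, unsalted hash."""
    return hashlib.new(algorithm, password.encode("utf-8")).hexdigest()

def audit_unsalted(stored_hex: str, algorithm: str = "md5"):
    """Return the blocklisted password whose unsalted digest equals
    stored_hex, or None. One hash per candidate is all it costs, which
    is why fast unsalted hashes give weak passwords no protection."""
    for candidate in COMMON:
        if hmac.compare_digest(digest(candidate, algorithm), stored_hex):
            return candidate
    return None

def store_password(password: str, iterations: int = 200_000):
    """Salted, deliberately slow storage: (salt, iterations, derived key)."""
    salt = os.urandom(16)  # unique per account, so equal passwords differ
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, key

def verify_password(password: str, record) -> bool:
    """Recompute the derived key with the stored salt; compare in constant time."""
    salt, iterations, key = record
    attempt = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(attempt, key)

if __name__ == "__main__":
    page_value = "5f4dcc3b5aa765d61d8327deb882cf99"  # value quoted in the article
    print("md5 matches article:", digest("password", "md5") == page_value)
    print("sha256 of same word:", digest("password", "sha256"))
    print("audit result       :", audit_unsalted(page_value))
    first, second = store_password("password"), store_password("password")
    print("salted keys differ :", first[2] != second[2])
    print("verification works :", verify_password("password", first))
```

With a per-account salt, two users who pick the same password no longer share a stored value, and each guess costs the full iteration count instead of a single hash.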
18 varied characters to be totally safe
In its latest study, Hive Systems, a company specializing in computer security systems, has ranked password combinations by how long they take to crack. We discover that a password made up of 6 characters (numbers, letters, capital letters or special characters) can be cracked in a fraction of a second. The level of security goes up a notch when you comply with the widespread rule of 8 characters of different types. In this case, the attacker will need… 5 minutes.
In reality, to be truly protected, you would need a password composed of at least 12 upper and lower case characters, which would take about 6 years to crack. Add a 13th letter and the time increases to 332 years. And if you really want peace of mind, mix 18 characters of all kinds: it will then take 26 trillion years to access your emails. Planet Earth and the sun will have succumbed long before your password.
ChatGPT in the hacker arsenal
The Hive Systems study nevertheless points to clear progress among hackers. The classic 8-character combination that now takes 5 minutes to find took 8 days in 2020. These times have been shortened recently with the emergence of artificial intelligence tools like ChatGPT, now used by some hackers.
On the other side, the sites that host the most sensitive data, such as banks or the PayPal service, now use two-factor authentication. Not only do you have to provide the password, but you also have to enter a code created specially for the connection attempt, which you usually receive on your phone. In some cases, it may also be biometric data or a fingerprint.