Graphics cards of the new generation made a mass hack cheaper.
Almost every second password on the Internet today can be hacked in less than a minute. Specialists of Kaspersky Lab analyzed 231 million passwords that have leaked to the darknet from 2023 to 2026, and came to a disappointing conclusion: 60% of combinations are amenable to selection in less than an hour. Over the past two years, the situation has only gotten worse, and the capacity of video cards has made a hack even faster and cheaper.
To check, experts used one NVIDIA RTX 5090 video card and passwords encrypted by the MD5 algorithm. Compared to the RTX 4090, the speed of over-the-counter increased by 34% and reached 220 billion hashes per second. You can rent such power through cloud services for only a few dollars per hour, so even complex attacks have long ceased to be an expensive pleasure.
Modern services usually do not store passwords in the open form. Instead, the system retains hash – an encrypted sequence of characters. When you enter, the password again turns into a hash and is compared with the stored value. If the attacker receives the base of such hashes, the selection of the original password begins.
Several methods are used for hacking. The easiest option is a complete selection of all combinations. Another method is based on so-called iris tables, where millions of pre-deciphered passwords are already contained. But the greatest efficiency is shown by “smart” algorithms trained at huge leakage bases. Such systems know popular patterns, take into account the replacement of letters with symbols like “@” or “$” and first check the most likely combinations.
Almost half of all the pastimes studied were so weak that they were able to pick up in less than a minute. Another 12% are hacked in the time of up to one hour. Only 23% of combinations require more than a year of continuous overrun.
The main problem is human habits. Users massively add to the words of the number, years of birth and simple symbols. The situation is aggravated by the reuse of the same combinations on different sites. In this case, the attacker does not even need to pick up anything - it is enough to find a password in one leak and check it on other services.
As a protection, experts advise using password managers, creating long random combinations and not storing passwords in notes or browser. It is also recommended to switch to access keys instead of traditional passwords and be sure to include two-factor authentication through authentication applications, not SMS.
Almost every second password on the Internet today can be hacked in less than a minute. Specialists of Kaspersky Lab analyzed 231 million passwords that have leaked to the darknet from 2023 to 2026, and came to a disappointing conclusion: 60% of combinations are amenable to selection in less than an hour. Over the past two years, the situation has only gotten worse, and the capacity of video cards has made a hack even faster and cheaper.
To check, experts used one NVIDIA RTX 5090 video card and passwords encrypted by the MD5 algorithm. Compared to the RTX 4090, the speed of over-the-counter increased by 34% and reached 220 billion hashes per second. You can rent such power through cloud services for only a few dollars per hour, so even complex attacks have long ceased to be an expensive pleasure.
Modern services usually do not store passwords in the open form. Instead, the system retains hash – an encrypted sequence of characters. When you enter, the password again turns into a hash and is compared with the stored value. If the attacker receives the base of such hashes, the selection of the original password begins.
Several methods are used for hacking. The easiest option is a complete selection of all combinations. Another method is based on so-called iris tables, where millions of pre-deciphered passwords are already contained. But the greatest efficiency is shown by “smart” algorithms trained at huge leakage bases. Such systems know popular patterns, take into account the replacement of letters with symbols like “@” or “$” and first check the most likely combinations.
Almost half of all the pastimes studied were so weak that they were able to pick up in less than a minute. Another 12% are hacked in the time of up to one hour. Only 23% of combinations require more than a year of continuous overrun.
The main problem is human habits. Users massively add to the words of the number, years of birth and simple symbols. The situation is aggravated by the reuse of the same combinations on different sites. In this case, the attacker does not even need to pick up anything - it is enough to find a password in one leak and check it on other services.
As a protection, experts advise using password managers, creating long random combinations and not storing passwords in notes or browser. It is also recommended to switch to access keys instead of traditional passwords and be sure to include two-factor authentication through authentication applications, not SMS.
