New report reveals strong rise in passwords circulating on the dark web, putting finances and other personal data at risk
Cybercriminals have access to more than 24 billion username and password combinations – the equivalent of 4 for everyone on the planet.
But while many people are leaving their financial accounts and other personal information vulnerable to criminals, there are some simple things that they can do to bolster their security.
International threat intelligence and digital risk protection firm Digital Shadows says that there has been a 65% jump in the number of username-password combinations circulating on the dark web since 2020.
Too many people are still using easy-to-remember passwords such as 123456 (0.46% of all passwords) or qwerty. These and many other simple passwords can be cracked by criminals in less than one second.
However, adding a special character (such as @ # or _) to a basic 10-character password would mean criminals facing a 90-minute challenge to gain access using software; adding two of these special characters would take this time to 2 days and 4 hours.
With these extended times, it’s likely that hackers would give up and move on to easier targets.
Mitigated risk
The move away from passwords is underway. RBC this week announced two new partnerships including one which will significantly reduce the need for passwords when connecting financial apps in Canada.
However, for now, there is a big problem with vulnerable credentials.
“In just the last 18 months, we at Digital Shadows have alerted our clients to 6.7 million exposed credentials. This includes the username and passwords of their staff, customers, servers and IoT devices.” said Chris Morgan, Senior Cyber Threat Intelligence Analyst at Digital Shadows.
Morgan added that many of these instances could have been mitigated through using stronger passwords and not sharing credentials across different accounts.
Other steps that are recommended include using a password manager, multi-factor authentication (MFA), or an authenticator app.