A recent study by Kaspersky has revealed a startling vulnerability in digital security: 48% of passwords previously leaked on the internet can be cracked by hackers in less than one minute. When given up to an hour, attackers can access 60% of the world’s passwords. The research, which analyzed 231 million leaked passwords between 2023 and 2026, found that only 23% of these passwords would require a full year of effort to crack.
The rapid pace of password cracking is largely due to the increased processing power of modern graphics cards (GPUs). Hackers use these powerful GPUs to accelerate attacks on hashed passwords: a hash is a one-way function, so instead of decrypting it, the attacker hashes candidate passwords and compares each result with the leaked value. In the latest study, researchers used the Nvidia RTX 5090, which can compute 220 billion MD5 hashes per second. At that rate, passwords stored as MD5 hashes are now far easier to recover thanks to this hardware leap.
Even though top-tier GPUs are expensive—costing upwards of R$ 21,999 in Brazil—hackers can rent cloud-based GPU services for short periods, significantly lowering the barrier to entry for sophisticated attacks. This means that even without owning expensive hardware, attackers can still crack a large percentage of passwords in minutes.
Another concerning trend is the predictability of human-created passwords. Even those generated by AI can retain recognizable patterns, making them vulnerable. The study found that password length is the most critical factor in resisting attacks: eight-character passwords can be cracked within 24 hours in almost all cases.
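The relationship between length and cracking time can be checked directly against the 220 billion MD5 hashes per second quoted above. The following is an added example, not code from Kaspersky's study; it assumes a uniformly random password over 94 printable ASCII symbols and a full exhaustive search, and its function names are illustrative.

```python
import string

MD5_RATE = 220e9  # MD5 hashes per second, the RTX 5090 figure quoted above
YEAR = 365 * 24 * 3600

# Assumption: passwords draw on these four printable-ASCII classes (94 symbols).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def alphabet_size(password):
    """Symbols an exhaustive search must cover for the classes this password uses."""
    if not password or any(all(ch not in c for c in CLASSES) for ch in password):
        raise ValueError("empty, or contains a character outside the modelled classes")
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))

def worst_case_seconds(length, alphabet, rate=MD5_RATE):
    """Seconds to hash every candidate of exactly `length` symbols at `rate`."""
    return alphabet ** length / rate

def min_length(alphabet, seconds, rate=MD5_RATE):
    """Shortest length whose full keyspace takes at least `seconds` to exhaust."""
    length = 1
    while alphabet ** length < seconds * rate:
        length += 1
    return length

def report(password):
    """Upper bound only: dictionary and pattern attacks beat this for human choices."""
    n = alphabet_size(password)
    return {
        "alphabet": n,
        "hours_to_exhaust": worst_case_seconds(len(password), n) / 3600,
        "length_for_one_year": min_length(n, YEAR),
    }

if __name__ == "__main__":
    # Constructed sample passwords, not taken from any leak.
    for sample in ("password", "Summer2024!", "k7#Qv9!xTz2@Lm"):
        print(sample, report(sample))
```

These figures are a ceiling for truly random passwords; predictable, human-chosen passwords fall much sooner because attackers try likely candidates first.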
How to Protect Yourself
Kaspersky recommends several best practices to improve password security:
- Use a password manager to generate and store long, random passwords.
- Avoid saving passwords in plain text files or relying on browser auto-save features.
- Regularly update passwords, ideally with automated tools.
- Enable two-factor authentication (2FA), preferably using authenticator apps like Google Authenticator, Authy, or Yandex ID, rather than SMS or email-based codes.
The report emphasizes “digital hygiene” as a key defense. In an era where brute-force attacks are faster and more accessible, relying solely on passwords is no longer enough. Two-factor authentication and strong, randomly generated passwords are essential to safeguarding personal and corporate data.
In short, the days of simple passwords are over. As technology advances, so must our approach to digital security.
Source: Kaspersky
