Globally-renowned research finds hackers can still crack passwords quickly

FOR IMMEDIATE RELEASE
April 23, 2024

CONTACT
David Oglethorpe
Vice President, Communications
Hive Systems
804-396-4720
mediarelations@hivesystems.com

Globally-renowned research finds hackers can still crack passwords quickly

Study finds an increase in time to crack passwords due to rise in popularity of updated algorithm

RICHMOND, Va. –  In its annual audit of hackers’ ability to crack passwords through brute force, Hive Systems found that any password under seven characters can be cracked within a matter of hours. Due to the widespread use of stronger password hashing algorithms to protect data, the time it takes hackers to crack passwords has increased. However, the updated research from the Richmond, Va., cybersecurity company is little cause for celebration.

“Looking at the data and the increase in time it takes hackers to crack passwords, it could be easy to assume that the cybersecurity industry has made great strides in protecting our data,” said Alex Nette, CEO and co-founder of Hive Systems. “Unfortunately, every time we make it harder for hackers, they find new ways around even the strongest protections. The increased times shown in our 2024 Password Table are promising, but we’re likely to see these times come down again in the near future as computing power increases.”

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms - like bcrypt – for encrypting passwords in  databases. Now, that same 11-character password takes longer to be cracked at 10 hours. However, while stronger algorithms have made it more challenging to crack passwords, it’s highly unlikely to stay that way.

“The nice thing about bcrypt is that as computers get faster you just increase the work factor to crack passwords,” said Corey Neskey, VP of Quantitative Risk at Hive Systems. “However at a certain point, the algorithm becomes frustratingly unusable for web applications and websites, and so compromises have to be made - creating opportunities for hackers.”

Each year, more and more personal data is collected and stored in locations that can be breached by hackers. The most effective solutions for data protection are the use of multifactor authentication and a password manager with random, complex passphrases. Multifactor authentication – a generally free cybersecurity tool that requires a multi-step process to log into online accounts – ensures that any login is approved by the owner of the account. With the advent of publicly accessible artificial intelligence tools, a second step which requires the personal action of a user to confirm their identity is the best way to keep account information safe.

The use of a password manager for creating and storing passwords also significantly increases the safety and security of passwords. However, these passwords will continue to become less and less secure.

The 2024 Hive Systems Password Table – shown and written about in the news, published by universities, and shared by thousands of companies across the globe – is available for download here.

 

# # #

 

About Hive Systems

Hive Systems provides smarter cybersecurity services with our trusted experts, and delivers leading cybersecurity products with Audora and Derive. Leveraging our collective experience, we promote a true partnership by understanding what makes your organization unique to help evaluate your cybersecurity strengths and vulnerabilities. Together, we’ll develop a risk reduction strategy that best utilizes your existing investments, including both technology and people, to reduce your risk anywhere - so you can keep your information secure everywhere. Through Hive Helps, we offer pro bono services to qualified non-profit organizations and communities to ensure that limited resources don’t stand in the way of social progress. Learn more at www.hivesystems.com

Previous
Previous

Powered by Automation: Audora Unveils Integration with Leading Compliance Tools

Next
Next

Audora Reshapes the Auditing Landscape with Automation