https://community.isc2.org/t5/Industry-News/Smart-Guessing-Algorithm-Cracks-87-Million-Passwords-In-Under-60/m-p/71372#M6922 <P>There's some movement in industry towards passwordless authentication. But phishing resistant MFA Is also recommended even if passwords do need to be used. (Awareness efforts like World Password Day have helped us spread good information, though.) Unfortunately, sometimes there are programmatic (SW) and/or hardware programmed limitations regarding password complexity.</P><P>&nbsp;</P><P>Lee Kim</P><P>&nbsp;</P><P>ISC2 Board Candidate 2024</P><P><A href="http://www.linkedin.com/in/leekim" target="_blank">www.linkedin.com/in/leekim</A></P> Sat, 22 Jun 2024 04:05:09 GMT leekimjd 2024-06-22T04:05:09Z https://community.isc2.org/t5/Industry-News/Smart-Guessing-Algorithm-Cracks-87-Million-Passwords-In-Under-60/m-p/71351#M6921 <P>Hi All</P><P>&nbsp;</P><P>With just a few dollars, a little time, and a smart brute-force guessing algorithm, most passwords can be cracked in much less time than you might imagine. According to a <A class="" title="https://www.kaspersky.co.uk/blog/password-can-be-hacked-in-one-hour/27738/" href="https://www.kaspersky.co.uk/blog/password-can-be-hacked-in-one-hour/27738/" target="_blank" rel="nofollow noopener noreferrer">new analysis from the experts at Kaspersky</A>, 59% of 193 million actual passwords were cracked in less than 60 minutes, and 45% were cracked in less than 60 seconds.</P><DIV class="">&nbsp;</DIV><P>The basis of a brute-force attack is where the perpetrator iterates all possible combinations in order to find a match for the password in question. However, Antonov explained, “smart guessing algorithms are trained on a passwords data-set to calculate the frequency of various character combinations and make selections first from the most common combinations and down to the rarest ones.”</P><P>&nbsp;</P><P><A href="https://www.forbes.com/sites/daveywinder/2024/06/19/smart-guessing-algorithm-cracks-87-million-passwords-in-under-60-seconds/" target="_blank" rel="noopener">https://www.forbes.com/sites/daveywinder/2024/06/19/smart-guessing-algorithm-cracks-87-million-passwords-in-under-60-seconds/</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Jun 2024 01:40:09 GMT https://community.isc2.org/t5/Industry-News/Smart-Guessing-Algorithm-Cracks-87-Million-Passwords-In-Under-60/m-p/71351#M6921 Caute_cautim 2024-06-21T01:40:09Z https://community.isc2.org/t5/Industry-News/Smart-Guessing-Algorithm-Cracks-87-Million-Passwords-In-Under-60/m-p/71372#M6922 <P>There's some movement in industry towards passwordless authentication. But phishing resistant MFA Is also recommended even if passwords do need to be used. (Awareness efforts like World Password Day have helped us spread good information, though.) Unfortunately, sometimes there are programmatic (SW) and/or hardware programmed limitations regarding password complexity.</P><P>&nbsp;</P><P>Lee Kim</P><P>&nbsp;</P><P>ISC2 Board Candidate 2024</P><P><A href="http://www.linkedin.com/in/leekim" target="_blank">www.linkedin.com/in/leekim</A></P> Sat, 22 Jun 2024 04:05:09 GMT https://community.isc2.org/t5/Industry-News/Smart-Guessing-Algorithm-Cracks-87-Million-Passwords-In-Under-60/m-p/71372#M6922 leekimjd 2024-06-22T04:05:09Z