Researchers at Lancaster University in the UK have developed a system that they say can guess passwords correctly 73 percent of the time. In an article published on the university website, they say the system, which they call TarGuess, is so accurate that it is able to guess the passwords of even more security-conscious online users with 32 percent accuracy. With a score of 73 percent, that’s as high as it can get for online security.
But trying to guess passwords by itself can be tricky, because most servers allow only a very limited number of tries, after which they block either the attacker or the legitimate owner of the account. These researchers, though, were able to come up with a way around this through mathematically backed algorithms that give them some data on the potential victim. On getting this data, they are able to increase guess precision to the 73 percent level they claim.
“TarGuess systematically characterizes typical targeted guessing scenarios with seven sound mathematical models, each of which is based on varied kinds of data available to an attacker… extensive experiments on 10 large real-world password datasets show the effectiveness of TarGuess.”
Of the 10 real-world passwords they were able to guess correctly, some included the ones in the Yahoo breach. It’s actually amazing that users still use passwords such as 123456, which is one of the passwords you should never use, not even on websites that don’t take your personal info.
In conclusion, the authors said: “Would our algorithms be still effective when cracking ‘real accounts’ about which little is known? We confirm this with a further experiment to crack Xiaomi cloud passwords, which are MD5 hashed with salt, leaked from the world’s 3rd largest phone maker.”
Several tech companies have made it a duty to gradually phase out the password as we know it, and in other cases have employed two-factor authentication in light of the ease of password theft these days. MasterCard came up with other ways, like “selfie-authentication”, to make it more difficult for attackers while keeping the authentication process fun.
In 2015, a report said 90% of passwords can be cracked in seconds. “Passwords containing at least eight characters, one number, mixed-case letters and non-alphanumeric symbols were once believed to be robust,” said Duncan Stewart, a director of research for the report. “But these can be easily cracked with the emergence of advanced hardware and software.”
The important thing to note here is that the researchers did say the success rate of breaking strong passwords is still low, but seeing as the majority of us retain weak passwords over a long time, we could fall victim to this someday. Constantly change your passwords and don’t use the same password on different sites, because that’s all hackers need sometimes.
A good example is that 500 million Yahoo accounts were compromised and another 100 million LinkedIn accounts were compromised in 2012. Sometimes the details stolen on one site can easily be used to breach your account on another site.