24 billion usernames and passwords on the dark web | TechBuzz

Usernames and associated passwords are stolen en masse and offered for sale on the dark web shortly thereafter. Digital Shadows, a specialist in threat intelligence, has determined the full extent of this trafficking on cybercriminal platforms. The experts counted a whopping 24 billion username-password combinations. This represents an increase of 65 percent from the last survey in 2020. Thus, there are currently almost four access combinations for every person on our planet for sale on the dark web.

Of the 50 most common passwords, 49 can be cracked in less than a second using tools that are often available for free on cybercriminal forums and are easy to use.

Special characters work

Simple measures lead to the hackers biting their teeth when it comes to passwords and probably looking for an easier break-in target. For example, adding a special character like “@”, “#” or “_” to a simple 10-character password increases the time it would take an offline attack to crack the password by about 90 minutes. Adding two special characters gives an offline cracking time of about 2 days and 4 hours.

Alongside this, like many other cybersecurity specialists, Digital Shadows recommends using password managers to store strong passwords, as well as two or multi-factor authentication, ideally in combination with an authentication app such as Google Authenticator, Microsoft Authenticator or FreeOTP .