
The word "nguyen" is among the most leaked passwords.

TB (summary) June 25, 2024 06:00

The character cluster "nguyen" appears in many users' passwords, is considered easy to guess, and reduces the strength of this security method.

A page for creating an account and password for an online service. Photo: Lưu Quý

Security firm Kaspersky released a report based on research of 193 million passwords that were compromised and sold on online black markets.

According to the report, 57% of the passwords contain a word that can easily be found in the dictionaries used by password-cracking groups. The most common words include password, qwerty12345, admin, 12345, team, and personal names such as ahmed, nguyen, kumar, kevin, daniel. Of these, "nguyen" matches the unaccented form of "nguyên" or "nguyễn", which appear frequently in Vietnamese names.

According to Kaspersky experts, criminals often use brute-force attacks (guessing passwords by trying a series of character combinations until one works) or smart guessing attacks. Common words that are easy to find in a dictionary therefore significantly reduce both the strength of the password and the time needed to find it.

According to the study, 87 million of the 193 million passwords, or 45%, were cracked in less than a minute, 14% took an hour, and just 4% of the passwords took hackers a year to crack.

Kaspersky also emphasized that with the basic method above, the attackers do not need specialized knowledge or advanced equipment to crack the password. A specialized laptop processor can accurately find a password combination of eight lowercase letters or numbers by brute force in seven minutes, while an integrated graphics card can complete the process in 17 seconds.

Many people tend to substitute characters, turning "admin" into "@dmin" or "password" into "pa$$word", in the hope that hackers will have a harder time guessing them. However, according to experts, this does not make passwords much stronger: they are still words that appear frequently in dictionaries, and hackers regularly add such variants to the smart algorithms they use.
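A defender-side sketch of the point above, added here as an example and not taken from Kaspersky's report or the original article: a signup check that strips diacritics and undoes common character substitutions before matching against the words the article lists. The substitution table beyond "@" and "$", the 12-character minimum, and all function names are assumptions.

```python
import unicodedata

# Words the article lists as common in leaked passwords.
COMMON_WORDS = {"password", "qwerty12345", "admin", "12345", "team",
                "ahmed", "nguyen", "kumar", "kevin", "daniel"}

# Assumed substitution table; the article itself shows only "@" and "$".
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i", "!": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})


def fold(text):
    """Lowercase and strip diacritics, so "Nguyễn" becomes "nguyen"."""
    decomposed = unicodedata.normalize("NFD", text.lower())
    bare = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return bare.replace("đ", "d")  # "đ" has no Unicode decomposition


def find_common_words(password):
    """Return the listed words hidden in the password, sorted."""
    folded = fold(password)
    # Check the folded form (catches "12345") and the de-substituted form
    # (catches "@dmin"); digits would be mangled if only the latter were used.
    forms = (folded, folded.translate(LEET))
    return sorted(w for w in COMMON_WORDS if any(w in f for f in forms))


def is_acceptable(password, min_length=12):
    """Policy check: long enough (assumed minimum) and no listed word."""
    return len(password) >= min_length and not find_common_words(password)


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("Nguyễn2024", "@dmin", "pa$$word", "abc12345", "xQ7#vL2m!Rz9pW"):
        print(pw, find_common_words(pw), is_acceptable(pw))
```

A production check would match against a full breached-password list rather than these ten words.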

In February, a Vietnamese security team used a similar method to identify Wi-Fi network passwords and found that nearly 50% of them could be easily cracked using the scanning method. Strings such as 12345678, 88888888, 66668888, camonquykhach, and hoilamgi were among the most commonly used passwords.

In 2023, Kaspersky detected more than 32 million attacks on users using password-stealing malware. "This number shows the importance of maintaining a habit of cleaning cyberspace and changing passwords regularly," the company's experts assessed.

According to Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky, people "unconsciously" choose simple passwords, often dictionary words in their native language, such as names and numbers, so they are completely guessable by algorithms.

“The most reliable solution is to generate random passwords using modern and reliable password managers,” she recommends.

To increase strength, experts suggest that users use a password manager, use different passwords for different services, and avoid personal information such as birthdays or first names, as these are the first options attackers will try when cracking. Enabling two-factor authentication (2FA) is also recommended, as it adds an additional layer of security even if the password is exposed.
