Latest news with #HiveSystems
Forbes
17-05-2025
- Forbes
19 Billion Stolen Passwords For Sale Online — New Warnings Issued
Billions of stolen passwords are now available online. I recently reported how an incredible 19 billion stolen passwords had been found to have been published on the dark web and criminal marketplaces online. That article went viral in a way I never expected, but that's a good thing considering what has emerged since. Two new warnings have been issued, which are of particular importance given the ongoing reports of compromised passwords and how they are being used in cyberattacks. Take heed of these warnings now and ensure you are not the next victim. Although you might think you are on top of the whole password construction and usage thing, the chances are that is not actually the case for far too many people. I mean, after all, when one new report reveals that there were 2.9 billion unique yet compromised passwords available on dark web forums and Telegram channels across 2024, you have to wonder whose passwords you are using. If you don't follow strictly random processes for creating long and strong passwords, such as employing a password manager to generate them for you every time, along with secure management practices to prevent reuse, did I mention password managers already, then you are likely part of the problem, my friend. The 2025 password table, published by Hive Systems, brings real-world insight into how quickly your password can be cracked. I should, at this point, say that I'm not a huge fan of the how long does it take to crack a password approach to credentials security, not least as the propensity of infostealer malware rather makes that irrelevant, but it serves a purpose to illustrate password construction hygiene anyway. The newly published password table report, authored by Corey Neskey, vice president of quantitative risk at Hive Systems, focuses on a hacker using a black box process starting from scratch to crack an unknown hash. But Neskey acknowledged that 'if your password was part of another breach or uses dictionary words, then your password table looks like this,' the this being a table with just the word 'instantly' repeated over and over. Marcus White is a cybersecurity specialist at Specops who specializes in authentication, password security, password management, and compliance. He is, without any shadow of a doubt, a password expert. A May 13 report authored by White goes into some detail about the passwords that hackers are using to specifically attack file transfer protocol ports. While this m ight seem rather niche, it's nothing of the sort. FTP is one of those things that hackers like to attack, often using brute force, because it's usually an easy route into your network. Indeed, Specops research team has been analysing the last 30 days of FTP port attacks against live networks to determine the most common passwords used by the threat actors concerned. 'Knowing the tactics real-world attackers are using,' White explained, 'can help you shape your organization's password policy and defend against brute-force attacks.' Importantly, brute-force attacks will use known passwords and username combinations until access is achieved. Can you guess where a lot of these credentials come from? Bingo! Those infostealer logs. As cybersecurity expert at threat exposure platform NordStellar, Vakaris Noreika, told me, the threat from infostealer malware is far greater than most people imagine. It's not just the fact that so many passwords, and other credentials such as session cookies to bypass two-factor authentication protections, are being stolen, but also the ease of access that cybercriminals have to them. "Dark web users can purchase stealer logs by subscribing to a private channel,' Noreika said, referring to Telegram channels where such access to millions of compromised passwords can be had for as little as $81. So, how do you solve a problem like stolen passwords at scale? You are probably not going tomorrow like this much, but that answer is an obvious one: stop using the darn things. Why risk your carefully constructed, seemingly strong password when you can just use a much more secure and infinitely harder to compromise passkey? If you can't yet use a passkey for any service, then please, don't reuse your passwords.
Time of India
01-05-2025
- Time of India
How fast hackers can break your password with AI might terrify you: The math behind the digital threat
In an age where we store our lives behind login screens—from banking to dating apps—the humble password is supposed to be our last line of defense. But in 2025, your trusted 'Password123' might as well be an open door with a welcome mat. #Pahalgam Terrorist Attack Nuclear Power! How India and Pakistan's arsenals stack up Does America have a plan to capture Pakistan's nuclear weapons? Airspace blockade: India plots a flight path to skip Pakistan Cybersecurity firm Hive Systems has laid bare the unsettling reality of password vulnerability , and their updated Password Cracking Table shows just how laughably quick some passwords fall to hackers. Spoiler alert: if your password is short, common, or easy to guess, you're already exposed. Your Daily Passwords? Hackers Can Crack Them in Seconds We've all been there—struggling to recall our latest password concoction, only to be told we can't reuse an old one. Meanwhile, hackers seem to have no such issues. With the use of rainbow tables, dictionary attacks, and AI-driven brute force methods, even moderately complex passwords are no match. The Hive Systems table makes it crystal clear: a four-character password, even one filled with uppercase, lowercase, numbers, and symbols, can be cracked instantly. That's right—no matter how "creative" you think you are, four characters won't cut it anymore. Even the average six-character password, made with a mix of uppercase, lowercase, symbols, and numbers—the kind most people reluctantly piece together—can take just two weeks to break. It may sound secure, but in hacker terms, it's low-hanging fruit. You Might Also Like: Cybersecurity alert: List of most hackable passwords released, change yours now before it's too late Cybersecurity firm Hive Systems has laid bare the unsettling reality of password vulnerability, and their updated Password Cracking Table shows just how laughably quick some passwords fall to hackers. The Ultimate Password? You'll Need 18 Characters At the other extreme, Hive's research reveals that an 18-character password using the full range of character types would take a jaw-dropping 463 quintillion years to crack using today's tech. That's not a typo—quintillion. It's so far beyond human comprehension that it's effectively uncrackable. But here's the twist: even that fortress of a password could become vulnerable sooner than expected. Artificial intelligence, which is already speeding up password-cracking techniques, could shave that time down dramatically—from 463 quintillion years to just one quintillion. Still impossibly long, but a reminder that no system is ever truly future-proof. AI: The Hacker's New Best Friend? With artificial intelligence now supercharging password attacks, the very technology designed to make our lives easier may also be working against us. Hive Systems and Microsoft MVP Mike Halsey, who originally compiled the table, warn that AI is accelerating brute-force attacks by 'lightyears,' enabling hackers to guess complex combinations at record speed. What's worse is that hackers aren't wasting time on new or obscure combinations. They prioritize previously breached passwords and common patterns, which means if you've ever used 'qwerty,' 'letmein,' or 'abc123,' your digital doors are already halfway open. The Real Takeaway: It's Time to Rethink Password Security The Hive Systems table is more than a curiosity—it's a wake-up call. Even with password managers, two-factor authentication, and biometric locks, your choice of password still matters. So what's the golden rule? Length matters—and so does unpredictability. Go long, go random, and avoid any patterns you've used before. And if you're ever notified about a data breach , change your passwords before someone else does it for you. Because in 2025, hackers aren't knocking. They're already inside—unless your password can hold the line.
Forbes
01-05-2025
- Forbes
Happy World Password Day
LONDON, ENGLAND - AUGUST 09: In this photo illustration, a password log-in box is projected onto ... More the face of a woman on August 09, 2017 in London, England. With so many areas of modern life requiring identity verification, online security remains a constant concern, especially following the recent spate of global hacks. (Photo by) Since 2013 the first Thursday in May has been designated as World Password Day, a day intended to remind us of the critical importance of password security Recently a study by market research company Gitnux found that 60% of Americans use the same password for multiple online accounts. This is particularly problematic because if the password is compromised, such as in a data breach of one account, all of the other accounts using that same password which may include sensitive accounts such as online banking become vulnerable. While passwords are still the coin of the realm for account access and verification, newer, more secure authentication methods offer much promise. Biometric recognition, such as through fingerprints, facial features or retina scans can provide enhanced security without the necessity of remembering a password. However, nothing is foolproof and a sophisticated hacker could create a fake fingerprint or use a high resolution photograph to manipulate facial recognition systems. Further, changes in physical appearance or injuries can affect the accuracy of biometric recognition systems. Password managers provide an option for the secure use of passwords. Password managers are apps that can generate and store strong, unique passwords for each of your accounts and all you need to remember is a single master password for your password manager. If you do decide to use a password manager, you should remember not to use your password manager master password for any of your other accounts. Another recent development in password security is to have your browser, computer or phone create and store passwords for you. For Google Chrome For Firefox For iPhones For Android phones However, if you prefer to use the helping hand you find at the end of your own arm and generate your own unique, complex passwords for each of your accounts that are easy to remember, here is a strategy that is very effective. You can start with a strong base password constructed from a phrase, such as IDon'tLikePasswords that has capital letters, small letters and a symbol. Add a few symbols at the end so it may read IDon'tLikePasswords!!! and then adapt it with a few letters for each particular account you have so that you will have a secure and easy to remember password for each of your online accounts. Thus, your Amazon password could be IDon'tLikePasswords!!!AMA. Having unique, complex passwords for each of your accounts is an essential element of online security. A report from Hive Systems indicated that due to advances in advanced graphics processing technology, hackers could crack an 8 character complex password with capital letters, lower case letters and symbols in 39 minutes and a 7 character complex password could be cracked in a mere 31 seconds. As for complex passwords of 6 characters or less, they can be cracked instantly. has a great tool whereby you can type in your password and it will tell you how long it would take for a hacker to crack it. According to it would take 8 quintillion years to crack my IDon'tLikePasswords!!! base password. However, password security is not just about passwords, it is also about your security question. When you set up an account, you select and answer a security question which you can use to change your password if you can't remember the password for the particular account. A problem with security questions is that often the questions may be something like what is your mother's maiden name which a determined hacker, particularly in this era of AI, could find the answer to, change your password and access your account. This is what happened when a hacker managed to take over Sarah Palin's email account by answering the security question of where she met her husband. The easy way to avoid this problem is to pick a nonsensical answer to the security question. For instance, the answer to what is your mother's maiden name could be 'firetruck.' No hacker will be able to determine it and it is so silly that you will undoubtedly remember it. Finally, because it is not a matter of "if," but "when" you will have your passwords compromised in a data breach, it is important that you not only use unique passwords for all of your accounts, but also use dual factor authentication for all of your important accounts so that even if your password is compromised, an identity thief who knows your password will still not be able to access your account. In the most common form of dual factor authentication, when you go to an online account and put in your password, a text message with a one-time code is sent to your cell phone for you to provide in addition to your password to gain access to your account.
New York Post
30-04-2025
- New York Post
Here's how long it takes a hacker to figure out your passwords — and the safest to use
Having to come up with a password that matches the symbol requirements for every site can be a hassle, but there's good reason for it. Of course, the more your password has, the longer it takes for a hacker to figure it out. But it's even more specific than that in terms of how long it would take to guess, according to cybersecurity firm Hive Systems Password Table. Advertisement For example, a password with five characters using numbers, upper and lowercase letters would take a hacker just two hours to discover it. However, a password with 18 characters using numbers, symbols, upper and lowercase letters would take 463 quintillion years. The Hive Systems Password Table shows how long it takes for a hacker to guess your password. Reddit/u/hivesystems The password table was first designed in 2020 to show how fast a hacker can 'brute-force' your password based on data from Advertisement They started by looking at the strength of a hashed password against a hacking attempt based on length, complexity, hashing algorithm used by the victim and hardware used by the attacker. A 'hashed' password is a scrambled version of text that can be reproduced if you know what hash software was used. The experts at Hive Systems analyzed password data breaches from 2007 to now reported by HaveIBeenPwned. The table focuses on the concept that the hacker is working in a 'black box' situation, starting from scratch to hack the password. Advertisement A 'hashed' password is a scrambled version of text that can be reproduced if you know what hash software was used. DC Studio – This shows the 'worst case' or 'maximum time required' to do the hacking. Most hackers, according to the blog post, prioritize the words and strings of characters that they'll focus on first through previously stolen hashes, dictionary attacks and rainbow tables. If your password was part of a previous data breach or uses words in the dictionary, then a hacker can figure out your password — no matter how many characters, symbols or numbers used — instantly. Advertisement They noted that these metrics go off the assumption that your password has not been part of a breach in the past. Hackers will often try hashes of all common and breached passwords before even thinking about moving on to new ones.
