• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to footer
  • Our Services
  • Contact Us
  • Newsletter
  • Top Nav Social Icons

Mobile ID World

Mobile ID World

Identification Revolution

  • Mobile ID
    • What Is Mobile ID?
    • Identity Associations
    • Premier Partners
    • FAQ
  • News
  • Solutions
    • Behavioral
    • Facial Recognition
    • Fingerprint Biometrics
    • Iris Biometrics
    • Second Factor
    • Smart Cards
    • Smartphones
    • Vital
    • Voice
    • Wearable Tech
    • Other
  • Applications
    • Access Control
    • Cloud Technology
    • Commerce
    • Enterprise
    • Healthcare
    • Identification
    • Internet of Things
    • Law Enforcement
    • Strong Online Authentication
  • Exclusive
    • Interviews
    • Featured Articles
    • Podcasts
  • Companies
  • Events

Dark Web Sees 65% Increase In Passwords for Sale: Report

June 16, 2022

Billions of credentials are currently up for sale on the dark web, according to a new report from Digital Shadows. The cybersecurity firm believes that cybercriminals are now circulating 24 billion user name and password combinations, a figure that is up 65 percent from the 15 billion credentials that were available in 2020.

Dark Web Sees 65% Increase In Passwords for Sale: Report

The 65 percent spike is not quite as dramatic as the 300 percent jump that Digital Shadows reported between 2018 and 2020, though it still poses a significant security threat in terms of the sheer volume of compromised credentials. That 24 billion number does include some duplicates, but there are still at least 6.7 billion unique credentials on dark web marketplaces. Cybercriminals added 1.7 billion credentials to that total in the past two years, which represents an increase of 34 percent.

However, people’s poor password choices may be an even bigger problem. Forty-nine of the 50 most commonly used passwords can be hacked with freely or cheaply available hacking tools. That means that cybercriminals do not need to have valid credentials to gain access to many accounts, since they can simply guess the password and break in just as quickly. Most weaker passwords can be cracked in less than one second, and represent a severe security gap.

Thankfully, Digital Shadows does have some advice for people who want to eliminate those vulnerabilities. The weakest passwords are easy-to-remember words or strings of numbers and letters, with password, qwerty, and 1q2w3e being amongst the most popular (123456 accounts for a full 0.46 percent of all passwords). Adding a single special character (such as a # or @ sign) can boost the amount of time needed to crack a 10-character password to 90 minutes, and a second special character can lengthen that process even further to upwards of two days.

The upshot is that most people can protect themselves with only a couple of symbols. Digital Shadows also encourages people to use a password manager, and to implement multi-factor authentication whenever possible.

“We will move to a ‘passwordless’ future, but for now the issue of breached credentials is out of control,” said Digital Shadows Senior Cyber Threat Intelligence Analyst Chris Morgan. “In just the last 18 months, we have alerted our clients to 6.7 million exposed credentials. Many of these instances could have been mitigated through using stronger passwords and not sharing credentials across different accounts.”

Multiple experts have warned that passwords are one of the weakest forms of authentication. Unfortunately, many businesses have been slow to transition to more secure alternatives even when they are aware of the limitations of password-based security.

Filed Under: Industry News Tagged With: cybercrime, dark web, digital security, Digital Shadows, hack attacks, multi-factor authentication, password hygiene, password security, passwordless authentication, passwords

Related News & Articles

French IT Security Agency Certifies IDEMIA Mobile ID Solution

NEXT Biometrics Announces New Chief Sales and Marketing Officer

Financial Services Must Embrace AI, Automation to Compete Against Disruptors: Report

Primary Sidebar

Learn About Mobile ID and Aviation

Tweets

Sponsored Links

facetec logo

FaceTec’s patented, industry-leading 3D Face Authentication software anchors digital identity, creating a chain of trust from user onboarding to ongoing authentication on all modern smart devices and webcams. FaceTec’s 3D FaceMaps™ make trusted, remote identity verification finally possible. As the only technology backed by a persistent spoof bounty program and NIST/iBeta Certified Liveness Detection, FaceTec is the global standard for Liveness and 3D Face Matching with millions of users on six continents in financial services, border security, transportation, blockchain, e-voting, social networks, online dating and more. www.facetec.com

FACEPHI is a global leader in Facial Recognition technology and in Mobile Biometrics technologies. With a strong concentration in the financial sector, FacePhi’s product is rapidly becoming a service used by banks all over the world. Its implementation doesn’t just save money, it is also a way to attract clients and build loyalty, while increasing the security of transactions for both the customer and the business. To learn more about FacePhi, visit https://www.facephi.com/en/

Recent Posts

  • NordPass Enables Biometric, TOTP-secured 2FA for Business Users
  • Mastercard Solution Certified Under UK’s Digital ID Framework
  • Transatlantic Digital Traveler Identity Project Gets High-Profile Tech Partner
  • Digital Identity Tech Demo Online Event
  • Mobile ID Comes to Another US Campus

Footer

  • About Us
  • Company Directory
  • Advertise With Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Archives
  • CCPA: Do not sell my personal info.

Follow Us

Copyright © 2023 MobileIDWorld