You’ve probably noticed that more and more websites and programs now require you to enter a strong password when you create your account. All this is meant to protect you against brute force attacks. But as technology advances, budget graphics cards have become more accessible, and all those security efforts become useless.
You think that an eight-character password, consisting of uppercase and lowercase characters mixed with numbers, can protect you against a brute force attack? Think again!
With the help of a Radeon 5770 video card and a free program called “ighashgpu”, an NTLM password such as “fjR8n” can be broken by the CPU in 24 seconds, at a speed of 9.8 million password guesses per second. On the GPU, the whole process takes less than a second, at a speed of 3.3 billion password guesses per second.
If you grow your password to six characters, a password such as “pYDbL6” can be broken by the CPU in 1 hour and 30 minutes and by the GPU in just 4 seconds. If we add another character to make the password seven characters long, the CPU breaks it in 4 days, while the GPU takes only 17 minutes and 30 seconds. That’s worrying, right?
Perhaps you think that if you add symbols to your password, you will be safe. Wrong! A password of seven characters such as “F6&B is” (note the space) will take the CPU about 75 days to break, while the GPU will finish in just 7 hours.
But don’t start hacking yet! Most websites and applications have additional security measures that prevent brute force attacks. You can’t enter more than three consecutive passwords before the authentication process is interrupted. On Windows, you will be prompted to restart. Bank accounts are locked automatically.
In the future we will probably switch to biometric passwords based on fingerprint or iris scans. The authentication process will become a physical one and not a virtual one as it was up until now. Given the speed at which technology is advancing, that future is not too distant.
Our advice for now is to change your passwords as often as possible and use passwords with at least 15 characters. You can use whole sentences or even phrases to easily remember your passwords. But the safest option is to use software such as Flyingbit Password Keeper, LastPass or Dashlane, to store your passwords.
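To see how the timings above scale with length, and why the 15-character advice holds up, here is an added example (not from the original article or from ighashgpu) that computes the worst-case time to try every candidate of a given length at the article's quoted NTLM guess rates. The character-set sizes (62 for letters and digits, 95 for printable ASCII with space) and the function names are assumptions of this example.

```python
# Added example: worst-case brute-force time at the article's quoted speeds.
CPU_RATE = 9.8e6   # guesses/second, CPU figure quoted in the article
GPU_RATE = 3.3e9   # guesses/second, Radeon 5770 figure quoted in the article

# Character-set sizes (assumption: ASCII only)
ALNUM = 26 + 26 + 10   # uppercase + lowercase + digits
PRINTABLE = 95         # all printable ASCII, space included

YEAR = 365 * 24 * 3600


def keyspace(charset_size, length):
    """Number of candidates of exactly `length` characters."""
    return charset_size ** length


def worst_case_seconds(charset_size, length, rate):
    """Seconds to try every candidate of this length at `rate` guesses/s."""
    return keyspace(charset_size, length) / rate


def min_length(charset_size, rate, target_seconds):
    """Shortest length whose full keyspace takes at least target_seconds."""
    length = 1
    while worst_case_seconds(charset_size, length, rate) < target_seconds:
        length += 1
    return length


def humanize(seconds):
    """Render a duration using the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    for name, size in (("alphanumeric", ALNUM), ("printable ASCII", PRINTABLE)):
        for n in (5, 6, 7, 8, 10, 15):
            cpu = humanize(worst_case_seconds(size, n, CPU_RATE))
            gpu = humanize(worst_case_seconds(size, n, GPU_RATE))
            print(f"{name:16} len {n:2}: CPU {cpu:>26}  GPU {gpu:>26}")
    print("alphanumeric length that holds out 100 years against the GPU:",
          min_length(ALNUM, GPU_RATE, 100 * YEAR))
```

These are upper bounds: a search stops as soon as it reaches the password, so measured times for a particular password are shorter than the full-keyspace figure.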