GPU’s Now Make Long Passwords Essential

Long, random passwords are even more vital in today’s world of cheap GPU’s (Graphics Processing Unit).

There has been brute force password-cracking software out there for years but now, combined with a GPU rather than a CPU, the cracking time has shrunk incredibly.

In a recent post from Vijay’s Tech Encounters  (GPU Password Cracking – Bruteforceing a Windows Password Using a Graphic Card) Vijay compared cracking passwords with a GPU and CPU.

For example, a five character random password takes a CPU 24 seconds to crack. A GPU takes less than a second. An 8 character password that would take a CPU almost a year to crack takes a GPU 18 hours and 30 minutes. 9 characters is 43 years vs. 48 days, although adding symbols to the mix increases the time.

Since GPU’s are built for math heavy processes like rendering graphics they are much better suited to cracking passwords.

Do you need to worry?

First of all, there are methods to prevent password cracking at the front door (login) of a web site, things like timeouts after 3 guesses, etc. Plus, network speeds are not fast enough to allow a billion guesses per second.

But, what if your password is stolen from a company’s database? Passwords are encrypted and stored as “hashes”, and that’s where password cracking software comes in.

According to privacyrights.org, over 500 million records have been breached since 2005.

So, what do you do?

Use a password manager. Most integrate with your browser so all you need to remember is one master password. They can automatically generate passwords for you. Set yours up to have at least 10 characters, including symbols, and use a different password for each different website.

Use a secure link (https) whenever possible, especially when on the road using a wi-fi connection.

Technology is improving with the use of two-factor authentication, like using a token communicated on a sideband (e.g. SMS message or phone call), tokens generated with a crypto keyfob, or using smartcards for PKI signing.

According to Moore’s Law, password cracking using a GPU will take half the time every two years. It pays to stay ahead of the game.