Is your “secure” password 8 characters or less? You have less than 6 hours to change it or kiss your “security” goodbye

The bourgeois press and the police agencies constantly regale us with sad tales of so-called “identity theft” – workers’ lives being turned inside-out by evil computer hackers stealing passwords and then using that stolen information to access bank accounts and personal data, turning the lives of their victims upside-down.

The truth is, most major password security breaches have been made possible by sloppy security practices at major US and international banks, government institutions and popular websites. On top of that, lazy password selection by people in all walks of life leaves them with a false sense of security. Hundreds of thousands of American workers use worthless, easy-to-guess passwords like “12345” or “password”. Until recently, so-called “best practices” at major US corporations demanded that users devise passwords combining 8 characters – letters, numbers and symbols – in order to prevent hackers from easily “cracking” them with simple methods, such as running tables of common dictionary words against a set of passwords, which is enough to recover the vast majority of them.

However, password-cracking technology well within the financial means of a moderately affluent hacker has become available in the past couple of years. Now, for just a few thousand dollars, the geek next door can build a computer capable of testing “secure” 8-character passwords at the rate of BILLIONS of guesses per SECOND – something which was only possible using supercomputers up until very recently. How do they do it? They are building home supercomputers using clusters of graphics acceleration boards of the kind normally used to run modern video games, which can perform far more of these computations per second than typical dual- or quad-core processors.


“This $12,000 computer… contains eight AMD Radeon HD7970 GPU cards. Running version 0.10 of oclHashcat-lite, it requires just 12 hours to brute force the entire keyspace for any eight-character password containing upper- or lower-case letters, digits or symbols.” By adding more Radeon cards, password-cracking setups can cut that time in half. [Photo credit: d3adone; from Ars Technica website]
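The arithmetic behind the quoted 12-hour figure, as an added example that is not from the original post or the cited articles: it derives the guess rate the quote implies and applies it to longer or simpler passwords. It assumes “letters, digits or symbols” means the 95 printable ASCII characters; the sample passwords are constructed.

```python
import string

# Assumption: "upper- or lower-case letters, digits or symbols" means the
# 95 printable ASCII characters (26 + 26 + 10 + 32 punctuation + space).
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "symbol": set(string.punctuation + " "),
}
FULL_ALPHABET = sum(len(c) for c in CLASSES.values())  # 95


def keyspace(alphabet, length):
    """Number of candidate strings of exactly `length` characters."""
    return alphabet ** length


# Guess rate implied by the quote: the full 8-character keyspace in 12 hours.
IMPLIED_RATE = keyspace(FULL_ALPHABET, 8) / (12 * 3600)  # guesses per second


def alphabet_size(password):
    """Smallest alphabet, built from the classes above, that covers the password."""
    if not password or any(not any(ch in c for c in CLASSES.values()) for ch in password):
        raise ValueError("expected a non-empty printable-ASCII password")
    return sum(len(c) for c in CLASSES.values() if any(ch in c for ch in password))


def hours_to_exhaust(password, rate=IMPLIED_RATE):
    """Worst-case hours for pure brute force at `rate` guesses per second.

    This is an upper bound: dictionary words and common patterns fall much
    sooner, because a wordlist attack never has to walk the full keyspace.
    """
    return keyspace(alphabet_size(password), len(password)) / rate / 3600


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real breach.
    for pw in ("password", "aB3$efgh", "aB3$efghij", "aB3$efghijkl"):
        print(f"{len(pw):2d} chars, alphabet {alphabet_size(pw):2d}: "
              f"{hours_to_exhaust(pw):,.4f} hours")
```

Each extra character drawn from the full alphabet multiplies the worst-case time by 95, so length does more for a password than swapping in a symbol or two.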

Workers who do not wish the government and their employers – not to mention the smart-ass amateur computer expert next door – to steal all their passwords in an afternoon need to take a couple of hours to research these new developments and take action to create more secure passwords for all their most important online transactions – or get pwn3d.

We’ve found some very interesting articles describing the modern hacking techniques that have rendered all your 8-character-or-less passwords as useless as a screen door on a submarine. These articles also explain what you can do to vastly improve your password security arrangements. Check them out!

Ars Technica: Why passwords have never been weaker – and crackers have never been stronger

Ars Technica: 25-GPU cluster cracks every standard Windows password in under 6 hours

GRC – Security Now!: “The Death of Clever”

[Sources: Ars Technica, GRC/ Security Now!]

