Most complex passwords cracked by cheap consumer hardware
A ‘super-cracker’ machine with the capability to crack more than 9 billion passwords a second can be bought for around £400 – the cost of a low-spec desktop PC.
Investigations by hosting firm UKFast revealed that the low cost ‘super-cracker’ – built to incorporate two openly-available high power graphics cards – can make light work of cracking passwords, deciphering a six-character code in less than a second.
Cyber criminals are using these high-powered machines to decode stolen databases of encrypted usernames and passwords, enabling them to access all manner of online portals including shopping and email accounts.
The machine, developed at a low cost by UKFast’s security team, has the ability to crack a six character code of letters, numbers and symbols in less than a minute and a half, shattering the belief that complex passwords are sufficient to protect personal data online.
Stuart Coulson, director of data centres and head of the security team at the Manchester based firm said: “Although the actual power of the machine is relatively low, the architecture of the graphics cards gives it the extra fire power to complete simple tasks – like brute force cracking passwords – significantly faster at a remarkably low cost.
“The closest alternative that has this level of ‘cracking power’ would cost more than £600 just for the graphics card. The fact that this level of power is so readily available to cyber criminals highlights the importance of long and complicated passwords and for businesses to use strong encryption algorithms for their data.”
Tests performed last year by the security experts highlighted the capabilities of a £30 graphics card which can process 158 million possible passwords per second and be bought from high-street computer retailers.
Users are urged to protect themselves by changing their passwords often and using a combination of upper and lower case letters, numbers and symbols.
Coulson continues: “Nobody is immune to the damage a weak password can cause – even those in high-powered positions of authority. Every extra character makes the hacker’s job more difficult because there are so many more possibilities for what that character can be and the more you can introduce to your password, the safer it is.”