User-Selected Passwords Still Getting Cracked

User-Selected Passwords Still Getting Cracked

By Robert Lemos

http://www.darkreading.com/advanced-threats/user-selected-passwords-still-getting-cr/240162756

Robert Lemos gives warning that passwords are becoming increasing vulnerable to attacks. Password cracking utilities can leverage the power of the processor on an off the shelf graphics card in order to do 26 billion password tries per second. Graphics card are very good at making parallel calculations. When Statford's password hash were stolen, most were recovered within 24 hours. These passwords were eight randomly selected characters. 630,000 passwords were cracked. Research are developing advanced real world lists of passwords for dictionary attacks. Researchers are also getting smarter at understanding the patterns people use when choosing their passwords. One expert stated, "Smart guessing is relevant when passwords are not totally random but when there was used some technique to create a password. In case of totally random passwords, only brute-force attack can help and that is when speed" becomes most important. The technique of substituting numbers and symbols for letters offers poor protection. Password crackers are aware of these methods and try them first. It is also important to use different passwords for different sites. Even with advances in password cracking most passwords are stolen using social engineering methods.