23 July 2016
Find out more

Password protection shattered by cheap GPUs

04 October 2011  |  9496 views  |  3 zeroes

Hackers are using cheap consumer hardware to crack even the most complex passwords in a matter of seconds, according to tests run by server hosting firm UKFast.

UKFast says that a £30 graphics card can be used to boost PC performance to process 158 million possible passwords per second, shattering beliefs that a long password that includes a random combination of symbols, numbers and letters is sufficient to protect sensitive and personal information.

Stuart Coulson, UKFast's security expert says: "A typical home GPU can process 9 million passwords per second, this really shows the power of these graphic processing units. Reasonably complex passwords can therefore be compromised quite quickly by using cheap consumer hardware,"

Using an nVidia GeForce GT220 graphics card - that can be bought for as little as £30 - with the latest drivers on Windows 7, UKFast's security experts were able to crack a 6 character password in 12 seconds, a seven character password in less than five minutes, and an eight character password in four hours.

The current top-specification graphics cards, costing £600, make light work of password cracking, processing 10.3 billion passwords per second.

Users are urged to protect themselves by changing their passwords often and thinking about the complexity and length of their passwords.

Coulson continues: "Nobody is immune to the damage a weak password can cause - even those in high-powered positions of authority. Every extra character makes the hacker's job more difficult because there are so many more possibilities for what that character can be and the more you can introduce to your password, the safer it is."
KeywordsHARDWARE

Comments: (3)

Frank Nolden
Frank Nolden - PowertoPay BV - IJsselstein | 04 October, 2011, 17:33

Great that hackers can crack the password. If you - as a countermeasure - implement standard password protection and lock the account after x times entering a wrong password, this will prevent hackers to access your account. In most web based environments this is standard functionality. Or am I thinking too simple? 

 

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Simmi Valgeirsson
Simmi Valgeirsson - Westpac Group - Sydney | 04 October, 2011, 23:56

I'm afraid so.  The one way hash algorhitm used by most vendors are well known.  Once you obtain the encrypted version of the password, you can use this tool to reverse engineer it into the un-encrypted version.  Hackers steal the whole password database from servers in their encrypted format and then "reverse engineer" them using tools like this.  It's always taken a long time, but now it's becoming faster and easier.  The lockout i.e. 3 attempts and your out, has no relevance in this.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Anthony Cossey
Anthony Cossey - Fixnetix ltd - London | 05 October, 2011, 13:12

i think two way authentication is the only way to protect yourself, however with RSA being hacked, i fear this solution is still not 100% secure with the leading vendor

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

JPMorgan lifts the lid on GPU-led performance breakthrough

JPMorgan lifts the lid on GPU-led performance breakthrough

11 August 2011  |  8258 views  |  0 comments
Most people reuse banking passwords on other sites - Trusteer

Most people reuse banking passwords on other sites - Trusteer

02 February 2010  |  7047 views  |  0 comments
BNP Paribas CIB rolls out green GPU-based supercomputer platform

BNP Paribas CIB rolls out green GPU-based supercomputer platform

04 March 2009  |  8312 views  |  0 comments

Related blogs

Create a blog about this story (membership required)
Visit capgemini.comVisit www.abe-eba.euVisit VocaLink.com

Top topics

Most viewed Most shared
MasterCard agrees £700m VocaLink acquisitionMasterCard agrees £700m VocaLink acqu...
7895 views 14 comments | 32 tweets | 36 linkedin
hands typing furiouslyWhat Every FinTech CEO Should Know About R...
7753 views 0 | 14 tweets | 8 linkedin
hands typing furiouslyBanking on IoT: Security in the Internet o...
7576 views 3 | 19 tweets | 6 linkedin
Santander doubles down on fintech fundSantander doubles down on fintech fund
7532 views comments | 22 tweets | 28 linkedin
Brexit-scarred London fintech startups enquire about moving to BerlinBrexit-scarred London fintech startups enq...
7368 views comments | 16 tweets | 16 linkedin

Featured job


Brussels (Belgium) or Paris (France)

Find your next job