Password cracking tools are constantly evolving. The introduction of AI has significantly reduced the time required to brute force passwords and this trend continues to progress.
Despite the advancements in password cracking, the guidelines for creating secure passwords have remained relatively consistent. It is crucial to choose unique, strong, long, and complex passwords to enhance security.
However, many users still fail to follow these simple rules, either by reusing passwords or selecting weak ones, which makes it easier for threat actors to crack them within seconds.
Brute force and dictionary attacks: are two common methods used to crack passwords. Dictionary attacks involve using lists of passwords obtained from breaches to quickly crack a percentage of passwords. On the other hand, brute force attacks involve trying every possible combination of characters on a password.
Password cracking chart 2024
Researchers at Hive Systems have updated their password cracking chart to reflect the current advancements in computing power and security measures.
The chart illustrates the time required for a system equipped with twelve RTX 4090 graphics cards to crack passwords based on different scenarios such as “numbers only”, lowercase letters, upper and lowercase letters, “numbers, upper and lowercase letters,” and “numbers, upper and lowercase letters, symbols”.
For instance, an 8-character password consisting solely of numbers can be cracked in 37 seconds with this setup. If the password includes lowercase letters, the time increases to 22 hours. For a password with a mix of characters, such as numbers, upper and lowercase letters, and symbols, it might take up to 7 years for the machine to crack it.
To evaluate the security strength of a password, consider its length and character composition. Based on these factors, you can refer to the chart to determine the time required for Hive System’s machine to crack that specific password.
Note: More powerful setups can significantly reduce the time needed to brute force passwords. Hence, even if a password seems secure based on this chart, it may still be vulnerable to attacks from more powerful machines.
Password recommendations 2024
1. Always incorporate numbers, upper and lowercase letters, and symbols, provided that the application or service supports these variations.
2. Opt for 16 characters or more, if the service or application allows it.
3. Use unique passwords for different accounts.
Given the challenge of remembering multiple unique 16-character passwords, it is advisable to use a password manager. Bitwarden is a recommended option as it is open source with a free version available. The pro version offers additional features at a minimal cost of $10 per year.
Enhancing security measures
Aside from password cracking methods, certain attacks like phishing can expose passwords without the need for brute forcing. Phishing attempts trick users into revealing their credentials by directing them to fake sites or apps.
Implementing two-factor authentication adds an extra layer of security. It involves using an authenticator app to generate a unique code for authentication alongside the login credentials. This added step prevents unauthorized access even if passwords are compromised.
Image Source: Song_about_summer / Shutterstock