Cheap consumer hardware cracks complex passwords in seconds

A dream tool for hackers capable of cracking nine billion passwords a second can be bought for as little as £400, warns hosting firm UKFast

A dream tool for hackers capable of cracking nine billion passwords a second can be bought for as little as £400, warns hosting firm UKFast.

Researchers found a low-spec desktop PC with two readily available, high-power graphics cards can be used to decipher a six-character password made up of just lower-case letters and numbers in under a second.

More complex passwords made up of upper and lower case letters, numbers and symbols took only 90 seconds, shattering the widely-held belief that complex passwords are sufficient to protect personal data online.

Such machines could be used by cyber criminals to decode stolen databases of encrypted usernames and passwords to access online portals and accounts, UKFast said.

“Although the actual power of the machine is relatively low, the architecture of the graphics cards gives it the extra fire-power to complete simple tasks – such as brute-force cracking passwords – significantly faster at a remarkably low cost," said Stuart Coulson, director of datacentres and head of the security team at UKFast.

“The fact that this level of power is so readily available to cyber criminals highlights the importance of long and complicated passwords and for businesses to use strong encryption algorithms for their data."

Last year, tests performed by UKFast team showed that a £30 graphics card available from consumer computer retailers could process 158 million possible passwords a second.

“Nobody is immune to the damage a weak password can cause – even those in high-powered positions of authority,” said Coulson.

"Every extra character makes the hacker’s job more difficult because there are so many more possibilities for what that character can be and the more you can introduce to your password, the safer it is."



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Privacy and data protection

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.




  • Passive Python Network Mapping

    In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against ...

  • Protecting Patient Information

    In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data ...

  • Mobile Security and Privacy

    In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity ...