Cheap consumer hardware cracks complex passwords in seconds

A dream tool for hackers capable of cracking nine billion passwords a second can be bought for as little as £400, warns hosting firm UKFast.

Researchers found a low-spec desktop PC with two readily available, high-power graphics cards can be used to decipher a six-character password made up of just lower-case letters and numbers in under a second.

More complex passwords made up of upper and lower case letters, numbers and symbols took only 90 seconds, shattering the widely-held belief that complex passwords are sufficient to protect personal data online.

Such machines could be used by cyber criminals to decode stolen databases of encrypted usernames and passwords to access online portals and accounts, UKFast said.

“Although the actual power of the machine is relatively low, the architecture of the graphics cards gives it the extra fire-power to complete simple tasks – such as brute-force cracking passwords – significantly faster at a remarkably low cost," said Stuart Coulson, director of datacentres and head of the security team at UKFast.

“The fact that this level of power is so readily available to cyber criminals highlights the importance of long and complicated passwords and for businesses to use strong encryption algorithms for their data."

Last year, tests performed by UKFast team showed that a £30 graphics card available from consumer computer retailers could process 158 million possible passwords a second.

“Nobody is immune to the damage a weak password can cause – even those in high-powered positions of authority,” said Coulson.

"Every extra character makes the hacker’s job more difficult because there are so many more possibilities for what that character can be and the more you can introduce to your password, the safer it is."