Cheap consumer hardware cracks complex passwords in seconds

A dream tool for hackers capable of cracking nine billion passwords a second can be bought for as little as £400, warns hosting firm UKFast.

Researchers found a low-spec desktop PC with two readily available, high-power graphics cards can be used to decipher a six-character password made up of just lower-case letters and numbers in under a second.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

More complex passwords made up of upper and lower case letters, numbers and symbols took only 90 seconds, shattering the widely-held belief that complex passwords are sufficient to protect personal data online.

Such machines could be used by cyber criminals to decode stolen databases of encrypted usernames and passwords to access online portals and accounts, UKFast said.

“Although the actual power of the machine is relatively low, the architecture of the graphics cards gives it the extra fire-power to complete simple tasks – such as brute-force cracking passwords – significantly faster at a remarkably low cost," said Stuart Coulson, director of datacentres and head of the security team at UKFast.

“The fact that this level of power is so readily available to cyber criminals highlights the importance of long and complicated passwords and for businesses to use strong encryption algorithms for their data."

Last year, tests performed by UKFast team showed that a £30 graphics card available from consumer computer retailers could process 158 million possible passwords a second.

“Nobody is immune to the damage a weak password can cause – even those in high-powered positions of authority,” said Coulson.

"Every extra character makes the hacker’s job more difficult because there are so many more possibilities for what that character can be and the more you can introduce to your password, the safer it is."