
How fast can your password be cracked?

The question is not whether your password can be cracked, it is how fast. Black-hat hackers (determined criminals looking to steal on the internet) are using sophisticated yet affordable hardware to crack passwords.

PC processors keep gaining computing power through higher clock speeds, better efficiency and more cores, but attackers now go further: they install several graphics cards, whose massively parallel processors turn an ordinary PC into a mini supercomputer built just to crack passwords. A PC with a single AMD Radeon HD 7970 GPU, for instance, can try on average a mind-boggling 8,200,000,000 password guesses per second, and systems with eight such cards put more than 16,000 cores to work at neck-breaking speed. A figure like that applies to fast hashes such as MD5; a site that stores passwords with a deliberately slow scheme (bcrypt, PBKDF2 or similar) forces the attacker through thousands of times more work per guess. You rarely know which scheme a site uses, so it pays to assume the fast one.
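The guess rate quoted above depends on how the site stored the password. The following script, added here as an illustration and not part of the original article, measures on the local CPU how many candidate passwords per second can be checked against a fast hash (MD5) versus a deliberately slow one (PBKDF2-HMAC-SHA256). The salt, the candidate strings and the 100,000-round work factor are constructed for the example; absolute numbers vary by machine, the ratio between them is the point.

```python
"""Added example: effect of the password hash on an attacker's guess rate."""
import hashlib
import time

SALT = b"constructed-salt-for-example"   # constructed, not a real site's salt
ITERATIONS = 100_000                     # assumption: a typical PBKDF2 work factor


def md5_guess(candidate: bytes) -> bytes:
    """One guess against a fast, unsalted hash (the cheap case for the attacker)."""
    return hashlib.md5(candidate).digest()


def pbkdf2_guess(candidate: bytes) -> bytes:
    """One guess against a slow, salted, iterated hash."""
    return hashlib.pbkdf2_hmac("sha256", candidate, SALT, ITERATIONS)


def guesses_per_second(guess, budget_seconds: float = 0.25) -> float:
    """Feed constructed candidates to `guess` until the time budget is spent
    and return the achieved rate in guesses per second.  At least one guess
    is always made, so the rate is well defined even for very slow hashes."""
    count = 0
    start = time.perf_counter()
    while True:
        guess(b"candidate%08d" % count)   # constructed candidate password
        count += 1
        if time.perf_counter() - start >= budget_seconds:
            break
    return count / (time.perf_counter() - start)


def slowdown_factor(budget_seconds: float = 0.25) -> float:
    """How many times fewer guesses per second the slow hash allows than MD5."""
    fast = guesses_per_second(md5_guess, budget_seconds)
    slow = guesses_per_second(pbkdf2_guess, budget_seconds)
    return fast / slow


if __name__ == "__main__":
    fast = guesses_per_second(md5_guess)
    slow = guesses_per_second(pbkdf2_guess)
    print(f"MD5:                       {fast:,.0f} guesses/s")
    print(f"PBKDF2-SHA256, {ITERATIONS} rounds: {slow:,.1f} guesses/s")
    print(f"the slow hash costs the attacker about {fast / slow:,.0f}x more per guess")
```

The same multiplier applies to a GPU rig: whatever rate a card achieves on MD5, a PBKDF2 or bcrypt store cuts it by the work factor, which is why the crack-time estimates later on this page are worst-case figures.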

Surveys find that the typical internet user has about 25 accounts but only about 7 distinct passwords, most of them 8 characters or shorter.

Leaks of password files have terrible consequences: hackers get a picture of the passwords people actually use, instead of having to try completely random collections of letters, numbers and symbols, which makes things a lot easier for them. They use that knowledge to build dictionaries and substitution rules and then try them against any other system to force their way in even faster, and because most people reuse passwords, a password leaked from one site often opens accounts on others.

Recently a client gave me his credentials for uploading a video, and the combination was equivalent to User: ‘smith’, Password: ‘smith123’.

That is an obvious and weak combination, and the calculator at http://www.grc.com/haystack.htm tells us that the password would be cracked in 0.029 seconds under its massive-cracking-array scenario. Let's strengthen it:

Changing it a little with some substitutions to:

Sm1t4!@3

(capital S, 1 instead of i, 4 instead of h, and the symbols above the 1 and 2 keys) leaves it recognisably 'smith123', yet it is already a big improvement: the same calculator puts it at 1.12 minutes. Now pad it with symbols:

{}{}{}{}Sm1t4!@3{}{}{}

and the estimate becomes a whopping 1.04 hundred million trillion centuries. There are determined hackers out there, but I can assure you they are not THAT determined. I can also bet you that your bank won't be around by the time they crack the password. Once you have typed it a few times this becomes a very strong yet easily remembered password. One caveat: the calculator assumes the attacker must try every string of that length. Padding works because it adds length cheaply, but a cracker who guesses the pattern (a short core wrapped in repeated symbol pairs) can attack just the core with a mask or rule, so use padding that is your own, vary it, and never reuse the same padded password on two sites.
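The three estimates above follow from a simple model: the alphabet is the union of the character classes the password uses (26 lower, 26 upper, 10 digits, 33 symbols), the search space is every string of length 1 up to the password's length over that alphabet, and the time is that space divided by the guess rate. The script below, added here as a worked example and not part of the original article or of the haystack page, reproduces the three numbers and then shows what happens to the padded password when the attacker knows the structure. The scenario rates (1,000, 1e11 and 1e14 guesses per second) are inferred from the figures quoted on this page, and the "1,000 padding templates" in the pattern-aware case is a constructed assumption for illustration.

```python
"""Added example: haystack-style search space and crack-time estimates."""
import string

# Alphabet classes, sized as the haystack calculator sizes them (33 symbols).
CLASSES = {
    "lower": frozenset(string.ascii_lowercase),
    "upper": frozenset(string.ascii_uppercase),
    "digits": frozenset(string.digits),
    "symbols": frozenset(string.punctuation + " "),
}

# Guess rates per scenario (assumption: inferred from the page's own numbers,
# 0.029 s for smith123 and 1.12 min for Sm1t4!@3 both imply 1e14 guesses/s).
RATES = {
    "online attack": 1e3,
    "offline fast attack": 1e11,
    "massive cracking array": 1e14,
}

SECONDS_PER_CENTURY = 100 * 365.25 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the union of every character class the password touches."""
    unknown = [c for c in password if not any(c in s for s in CLASSES.values())]
    if unknown:
        raise ValueError(f"characters outside the model: {unknown!r}")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))


def search_space(password: str) -> int:
    """Exhaustive search: all strings of length 1..len(password) over the alphabet."""
    a, n = alphabet_size(password), len(password)
    return sum(a ** k for k in range(1, n + 1))


def crack_seconds(password: str, rate: float) -> float:
    """Worst-case seconds to exhaust the search space at `rate` guesses/s."""
    return search_space(password) / rate


def pattern_aware_seconds(core: str, n_templates: int, rate: float) -> float:
    """Cost when the attacker knows the password is a short core wrapped in one
    of `n_templates` padding patterns and runs a mask/rule attack: every
    candidate core is tried under every template instead of brute-forcing
    the whole length.  (Constructed model for illustration.)"""
    return search_space(core) * n_templates / rate


def describe(seconds: float) -> str:
    """Human-readable duration, e.g. '1.12 minutes'."""
    units = [("seconds", 1), ("minutes", 60), ("hours", 3600), ("days", 86400),
             ("years", 365.25 * 86400), ("centuries", SECONDS_PER_CENTURY)]
    name, size = units[0]
    for unit_name, unit_size in units:
        if seconds >= unit_size:
            name, size = unit_name, unit_size
    return f"{seconds / size:.3g} {name}"


if __name__ == "__main__":
    for pw in ["smith123", "Sm1t4!@3", "{}{}{}{}Sm1t4!@3{}{}{}"]:
        print(f"{pw!r}: alphabet {alphabet_size(pw)}, {len(pw)} characters")
        for scenario, rate in RATES.items():
            print(f"  {scenario:22s} {describe(crack_seconds(pw, rate))}")
    # The padded password again, but the attacker guesses the structure and
    # tries 1,000 padding templates around every 8-character core.
    print("padded, pattern-aware:",
          describe(pattern_aware_seconds("Sm1t4!@3", 1000,
                                         RATES["massive cracking array"])))
```

Running it prints the page's 0.029 seconds, 1.12 minutes and roughly 1e20 centuries, then about 18.6 hours for the pattern-aware attack on the same padded password: the 22-character estimate is what the attacker pays only while the padding pattern is a secret.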

 Here are recommendations on how to cover all your bases:

  • Generate long passwords like the one described above and keep them in a password manager such as http://lastpass.com or http://passwordsafe.com, protected by an equally strong but memorable master password.
  • Generate a unique password for every account you use on the internet.
  • Change your passwords at least every 6 months, and change a password immediately if you suspect that the account or the site has been breached.
  • When signing in to a website, make sure the address of the log-in page starts with https:// and not http://. It means that what you type is encrypted on the way to the server, so anyone eavesdropping on the connection learns nothing; it says nothing about how carefully the site stores your password once it arrives.