cracking sites

For years, hackers have used a variety of password-hacking devices to break into the intranet, but the availability of high-performance paint screws has multiplied their capabilities. Here's a look at the password hacking capabilities of today's guis and what we can do with ours.

World password day is a bold effort initiated by the cybersecurity professional community to promote strong passwords. Habits on the 1st thursday of may every year since 2013 have come a long way, the best way to diagnose the risks of using weak passwords. But we need more than just one day dedicated to this. This is because the law of unintended consequences has greatly accelerated the vulnerability of passwords.

Modern hackers are so adept and adept at cracking passwords that there may be over 15 billion logins stolen out of more than one hundred thousand hacks. On the dark web, and the use of these stolen credentials is the basis for 61% of all data breaches. Given the tools that hackers use to hack our passwords, we need to implement multi-factor authentication as quickly and efficiently as possible, or use complex passwords that are difficult to crack. Alas, hackers have found a new weapon to upgrade their arsenal - high-performance gpus that can crack eight-digit passwords in milliseconds.

More: two authentication tools that will replace passwords forever

Nvidia geforce rtx 4090: the ultimate password cracker

According to the nvidia website, the new rtx 4090 is the ultimate geforce gpu as it redefines performance, efficiency and graphics expectations based on ai. Having at its disposal 24 gb of memory g6x, which provides an unrivaled experience for visitors. Unfortunately, he does something else quite well. It cracks passwords with any speed and efficiency.

In tests, through the microsoft new technology lan manager (ntlm) rtx 4090 authentication protocol, it recorded speeds of 300 ghz/sec and 200 khz/sec. This helps it crack passwords twice as fast as its predecessor, the rtx 3090. Perhaps the most frightening claim is that an iron horse with eight rtx 4090 gpus can cycle through each of two hundred billion eight-character password combinations in just 48 minutes, using the exhaustive search method. Power methods. Of course, your average 8-digit password is left compromised in less time. For example, one of the commonplace passwords, such as "12345678", happens to be obtained in milliseconds.

In other words, for about $1600 you can do password cracking, which then turns into cracking. This is due to the fact that much of the asset landscape of today's it holdings is protected by a simple password. Crack your elevated login password, and the user wreaks havoc and compromises data. Modern graphic slots are more than a big step forward in the game. They also serve as an investment for attackers who know how to use this technology.

Password vulnerabilities today

According to the microsoft digital security report 2022, password-based attacks turn out to be the main method of compromising accounts. The report tells a chilling story about how vulnerable passwords are today.

There are about 1,000 password attacks every second, up 74% from a year agonearly 90% of those breached accounts are not protected by multi-factor authentication, and the percentage of mfa-protected accounts remains low100% of human-controlled ransomware attacks included stolen credentials that were either hacked, stolen by malware, or ordered from darknet.Of a sample of over 39 million iot and ot devices, 20% were protected by identical client names and passwordsapproximately 27% of scanned firmware images contained accounts with passwords that still used weak authentication algorithms.

Tips for keeping passwords hack-proof

If that's not enough, the 2022 annual password statistics show that "password" is the fourth most common password in use. Th today. If we want to acknowledge minor victories, cracking sites there is some relief that "123456789" has a much higher crack forum rating than "12345678" since nine digits are harder to crack than eight. Unfortunately, password #1 is only made up of six digits.

The truth is that digital users need a wake-up call about password usage. The 8 character rule, which served us extensively not too long ago, does not work today, thanks to the computing power that the average person can allow himself and find. Today's off-the-shelf high-performance gpus allow the average person to crack even the most complex 8-character password in less than one hour. For this and other reasons, microsoft recommends important rules for passwords: 12 characters in length.All passwords must include a combination of uppercase and lowercase letters, numbers, and symbols.No word in the dictionary may be used in combination with the name of any person, place, product, or company.Make sure that any new password is better than your previous passwords.Change your password immediately if you suspect it may have been compromised.

More: the digital identification system is not used properly: how to fix it

Additional controls needed

The simple truth about passwords is that the longer the better. Unfortunately, a long password is not spontaneously secure or practical for a large number of users. There is a direct relationship between the length and complexity of passwords and the number of support calls. Our memory isn't geared towards remembering long strings of passwords.

That's why you need more controls now. Additional controls, including mfa, account lockout, and monitoring, are now required among other things, as is your password policy, if nothing else. Unfortunately, the hackers are targeting some of the controls directly. You are welcome during mfa fatigue. Don't argue, it's a thing. Imagine an attacker using a script to perform endless attempts to log into your account. This provides a stream of mfa requests that you can approve or reject. Their purpose is either to bore you so that you eventually approve one, understandably: to stop the annoyance, or to accidentally press the approval key while responding to a flurry of mfa requests. In certain cases, a phishing e-mail is sent from the it department asking you to click the "confirm" button.

This is why often people reliability experts now do not recommend using sms text messages for mfa. The preferred alternative today is an authentication add-on that generates numeric codes that expire over a number of seconds. It's also good to set threshold stops on the sum of mfa requests, thus locking the account after the maximum number of mfa requests have been made.

Another effective tool is a password manager. These controls will automatically generate a unique long and modern password. After which it will independently match each account registration with reasonable credentials, which will prevent the user from reusing the same set of passwords. The user is required to remember one well-thought-out password in order to access the password manager.

Summary: the time has come to recognize the threat and prepare training for it

Implementation of new weapons technologies throughout history has forced warlords to constantly adapt new strategies to counter their deadly might. Alas, history often shows that generals often lag behind in changing their tactics. We cannot allow ourselves to make this mistake in the area of ​​passwords that such virtual accounts and digital assets will protect. It's time to recognize the power of these powerful painting screws and adopt the right cybersecurity strategies to counter their capabilities.

Does your organization have a strong password policy for all employees? Comment below or let us know on linkedin, twitter or facebook. We are ready to hear from you personally!