Research has been conducted which shows that the processing capacity of graphics cards has been eradicating the strength of passwords. The architectural design of modern graphics cards as a parallel processing unit has given advantages to the graphics card for brute force attacks on passwords.
In 2000, the fastest supercomputer of the time reached a processing capacity of 7 teraflops a second. Comparitvely, graphics cards are now able to put in 2 Teraflops into a standard desktop PC.
Researchers at Georgia Tech point out that:
- Password Length exponentially increases the possible passwords for each character.
- Two Token Authentication reduces risk to almost no risk.
Two token authentication makes attacks almost impossible as it uses a second key which is physically used to authenticate the user, such as RSA SecureID which generates a code that is changing every minute usually which is only displayed on the key. This must be entered to verify the user.
Brute force has been around for a long time, but in the past it has not been very successful against a long password due to processor capabilities being low inside PCs. However nowadays with many PCs having two or more processor cores, and graphics cores multiplying also, the average PC processing capability is much higher. Attackers may not even need to go to the effort of a brute-force attack. In 2007 an attack on MySpace revealed many passwords and the study of those showed some disturbing passwords, with ‘password1’ being the most common.