LinkedIn, eHarmony, Yahoo—it seems like we hear about a new hack just about every week now. We all know the password rules—don't use your mom's maiden name, don't use your pets name, use numbers and random letters. But despite those guidelines, we could be more screwed than we even thought. Ars Technica has a good look at why it's so bad.
The problem, you see, is that our passwords are spreading across more and more accounts while technology makes cracking passwords ever easier. As Ars explains:
Newer hardware and modern techniques have also helped to contribute to the rise in password cracking. Now used increasingly for computing, graphics processors allow password-cracking programs to work thousands of times faster than they did just a decade ago on similarly priced PCs that used traditional CPUs alone. A PC running a single AMD Radeon HD7970 GPU, for instance, can try on average an astounding 8.2 billion password combinations each second, depending on the algorithm used to scramble them. Only a decade ago, such speeds were possible only when using pricey supercomputers..
Each time a hack happens, crackers become more attuned to the types of passwords people use to protect their accounts and the techniques they employ to make these codes more difficult to uncover. Now they have entire lists full of passwords as a model. A couple of big hacks turned the tide in 2010—one of them hit RockYou, another hit us at Gawker—but since then, they're happening more and more often, as Ars notes:
Almost as important as the precise words used to access millions of online accounts, the RockYou breach revealed the strategic thinking people often employed when they chose a passcode. For most people, the goal was to make the password both easy to remember and hard for others to guess. Not surprisingly, the RockYou list confirmed that nearly all capital letters come at the beginning of a password; almost all numbers and punctuation show up at the end. It also revealed a strong tendency to use first names followed by years, such as Julia1984 or Christopher1965.
So what's the solution? Honestly, beyond everything you've already heard a million times about changing your passwords frequently, there may not be one. Head over to Ars if you want to feel even less secure than you already do. [Ars Technica]