How to Hack Passwords: How Long Would It Take Your Grandmother To Do It?

(Hint: You Won’t Believe the Answer)

My last article “Do You Know How Easy It Is to Guess Your Password? (Hint: You Don’t Want to Read This!)”, was about how hackers can obtain massive databases of human generated passwords and run them through off-the-shelf tools on commodity hardware by using Graphics Card GPUs to gain speed and computing cost advantage. This article will delve into how easy it will be for your grandma to rig up a password cracking machine.

First step for Grandma is to visit Amazon and pickup some hardware.

Perhaps a nice BitCoin mining rig that can compute SHA – 256 hashes at 60 GH per second. What does that mean? 1 MH/s is 1,000,000 (one million) hashes per second. 1 GH/s is 1,000,000,000 (one billion) hashes per second. So this rig can do 60 Billion hashes per second and it is only $699.  Great Christmas present for this Grandma.

Next, on to the internet to download L0phtCrack. Note the Run Wizard button (the Tophat icon). Hey, Grandma just hit the Tophat button! Boom Grandma has Pwned your Internet. Hope she does not run into any of your private files…

Or if she is from the Grace Hopper generation, perhaps she is up for the world’s most popular password cracker Cain and Abel.

The second and third screenshot are a courtesy of (and Centrify for the advertisement).

So what does that say about those of us who still use passwords?  If Grandma can spend about an hour to order a computer that can blast through SHA -256 encryption at the rate of 60 Billion per second? Not to mention the script kiddie friendly password cracking tools that are widely available for free.  Turns out we have given away the master keys to all of our digital locks. Lets change the locks!!!!!! Stop using passwords.

There is so much evidence that we need to change. Perhaps we are doomed, but I like to believe in the goodness of humankind — plus biometrics are becoming much more ubiquitous and easy to use, i.e Apple Facial recognition and fingerprint, Samsung fingerprint and eye scan/facial recognition. AI also offers us a path forward.

So let’s insist on multi-factor authentication (MFA) and use biometrics wherever possible to stop all the evil grandmothers from cracking our passwords.

Learn how to rethink your security without relying on passwords with our e-book, “Rethink Security: A Massive Paradigm Shift in the Age of Access.”