The Georgia Institute of Technology is warning that GPUs are proving to be the undoing of the password.
In a report, GIT boffins, no really claim that passwords with fewer than 12 characters can be quickly brute-force decoded using a PC graphics processing unit (GPU) that costs just a few hundred dollars.
Richard Boyd, a senior research scientist at the university’s research institute that using a commonly available graphics processor to test the integrity of typical passwords of the kind in use here at Georgia Tech has found that a seven-character password is hopelessly inadequate.
Currently a GPU offers potentially two teraflops of parallel processing power thanks to Nvidia releasing a C-based software development kit.
He said that if you can write a C program, you can program a GPU and use it to crack a password.
However to defend against GPU attacks, the password researchers recommend using sentence-length passwords that mix letters with numbers or symbols, and which are at least 12 characters long, he said.
Of course a password which is that long will just be written on a post-it note and stuck onto the computer monitor.