The Password Is Dead

It’s not going to be too long before you’ll have to have your face scanned before you can open your email, at the rate the password cracking arms race is going.

One method harnesses a commonly available graphics processor to perform guesstimates at two teraflops – 2 trillion operations per second. Another is even faster, using an off-the shelf SSD drive to brute force crack 14 character complex passwords in 5 seconds.

For now, the best solution is to create a password out of an easily-memorized sentence that consists of upper and lower case characters and special characters, but it seems it won’t be long before even that is not good enough.

So what’s the solution? Perhaps not fingerprint scanners. A roll-call system based on fingerprints was pitched to parents of one Australia school, but it could be circumvented by making copies of their fingerprints on gummy bears and having their mates scan in for them. Perhaps the best argument for the need for two-factor authentication is that Windows8 will support facial recognition login. By the time Microsoft gets around to implementing a new technology, you can assume its time is well past due.

Teraflop Troubles: The Power of Graphics Processing Units May Threaten the World’s Password Security System [GTRI]
SSD tools crack passwords 100 times faster [The Register]