Story about password cracking on Fox News: Hackers crack 90% of even 16-character passwords?

On Fox News today, they're reporting on a group of hackers that cracked 90% of even long and strong passwords in a very short period of time.

My first question is: how do they crack them? Apparently, they are able to test over a billion tries per second. But don't websites drop you after a fairly short number of incorrect tries? Unless the hacker actually tests each try, how do they know when they have the answer?

Even if a website lets you have a zillion tries, my websites all seem to take several seconds to respond to a try; so how can a hacker test billions of tries so quickly?

Was this study a serious piece of work? Should we be more concerned (anyone using 1PW is clearly already concerned...)?

Comments

  • khad Social Choreographer

    Team Member

    What's the link to the story? Without any of the facts, it's not really possible to discuss them. :)

  • Sorry, I can't find it. The story appeared several times today on various Fox News programs but I can't find a link on any of them. Weird... I'll keep looking; maybe the story will reappear.

  • http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/

    This is a similar story; not the one on Fox yesterday. What wasn't explained by Fox was that the crackers were given a list of encrypted passwords much like a hacker might get from the invasion of, say, Bank of America. So they knew they had passwords at the outset.

    Is the moral here that we can take all the care we like with our long and robust passwords but if a hacker gets into the system of one of the sites we use, they can still get our info...??

  • edited May 2013

    No, the moral is that (a) you must use a password manager because passwords need to be completely random and unique for each site, which is impossible to remember, (b) for the passwords you must retain in your head, use a random series of easy-to-remember words (at least, say, 6), and (c) if a place you use does have its passwords compromised, you should change it because, depending on the method the place used to encrypt it, it could be a relatively short while before your password could be deciphered.

    90% of folks don't do that, which is why it's easy to crack 90% of the passwords...

    I'm a little concerned about the growing list of passwords you must retain in your head:

    • iPhone
    • 1Password for iOS
    • Work login
    • Home Mac
    • 1Password for Mac
    • Second Mac...

    I suppose the other moral is that popular media is a horrible place to get good information.

This discussion has been closed.
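
An added example, not part of the original thread: it shows why a leaked password list can be checked without the website (a guess is hashed and compared locally), how the site's storage method changes the cost of each guess, and what six random words buy at the billion-guesses-per-second rate quoted above. The hash choices, the 200,000 iteration count, the 7776-word list size and all function names are assumptions made for illustration.

```python
import hashlib, hmac, math, os, time

# Assumptions (not from the thread): SHA-256 as the "fast" storage scheme,
# PBKDF2 with 200,000 iterations as the "slow" one, a 7776-word list.

def store_fast(password: str) -> bytes:
    """Weak storage: one unsalted SHA-256, nearly free to compute per guess."""
    return hashlib.sha256(password.encode()).digest()

def store_slow(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Stronger storage: salted PBKDF2, every guess costs `iterations` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)

def guess_matches(guess: str, record: bytes, hasher) -> bool:
    """Offline check: hash the guess the way the site did and compare.
    No login form, lockout or network delay is involved."""
    return hmac.compare_digest(hasher(guess), record)

def seconds_per_guess(hasher, trials: int) -> float:
    """Measured cost of one guess on this machine for a given storage scheme."""
    start = time.perf_counter()
    for i in range(trials):
        hasher(f"guess-{i}")
    return (time.perf_counter() - start) / trials

def passphrase_bits(words: int, wordlist_size: int = 7776) -> float:
    """Entropy of `words` words picked uniformly at random from the list."""
    return words * math.log2(wordlist_size)

def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected time to hit a random secret: half the keyspace on average."""
    return 2 ** (bits - 1) / guesses_per_second / (365.25 * 24 * 3600)

if __name__ == "__main__":
    salt = os.urandom(16)
    sample = "constructed-sample-password"  # constructed value, not real data
    slow = lambda guess: store_slow(guess, salt)
    print("match found offline:", guess_matches(sample, store_slow(sample, salt), slow))
    fast_cost = seconds_per_guess(store_fast, 2000)
    slow_cost = seconds_per_guess(slow, 3)
    print(f"slow scheme costs about {slow_cost / fast_cost:,.0f}x more per guess")
    bits = passphrase_bits(6)
    print(f"6 random words: {bits:.1f} bits, "
          f"~{years_to_search_half(bits, 1e9):,.0f} years at 1e9 guesses/s")
```

The per-guess ratio is measured on the machine running the script, so it varies; dedicated cracking hardware shifts both figures but not the gap between the two storage schemes.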