Graphics cards aren't that smart. But they are good at doing the same thing over and over again. This, researchers reckon, makes them good at 'brute force' password attacks, in which, if one password doesn't hack it, another is tried. Using a decent graphics card, the number of attempts can ratchet up into the billions, depending on how determined the hacker is to bust in, researchers have warned.
Boffins at the Georgia Tech Research Institute say that seven-character passwords are becoming "hopelessly inadequate", mainly because graphics cards are so good at brute-force attacks.
"We've been using a commonly-available graphics processor to test the integrity of typical passwords," said Richard Boyd, senior researcher on the Georgia Tech team "Right now we can confidently say that a seven-character password is hopelessly inadequate - and as GPU power continues to go up every year, the threat will increase."
Higher-end, parallel processing GPUs operate at nearly two teraflops, processing trillion floating-point operations per second, making seven-character passwords useless.
The boffins say passwords should these day contain at leaset 12 characters, to be on the safe side. A combination of upper an lower-case letters, along with the odd number and a few symbols chucked in, add to the complexity of course.