Modern hackers, using artificial intelligence and powerful graphics processing units (GPUs), can crack even complex passwords in a matter of days, or in some cases, instantly. New cybersecurity research reported by HotHardware has found that traditional character combinations no longer provide reliable protection.
Image source: AI
Security systems have long used the hashing method – converting a password into a random sequence of characters. For example, the password “Hot2025hard@” can be stored in a website’s database as an encrypted string like “M176рге8739sheb647398nsjfetwuha63”. However, attackers have learned to bypass this protection by creating huge lists of possible combinations and comparing them with hashes leaked onto the network.
According to research by Hive Systems, neural networks like ChatGPT-3, combined with 10,000 Nvidia A100 graphics cards, can quickly crack an 8-character password consisting of numbers, uppercase and lowercase letters. If the password has already leaked online, contains dictionary words, or is repeated on different sites, the hacking occurs even faster.
Powerful GPU clusters pose a particular threat. For example, having gained access to 20,000 Nvidia A100 chips, hackers can crack even long passwords. At the same time, researchers emphasize that we are talking about randomly generated combinations, and simple passwords like “123456” or “qwerty” are cracked instantly.
The conclusion of the study is clear: the usual methods of protection are becoming ineffective. Some large companies, such as Microsoft, are already switching to passkey, a more secure form of authentication without using passwords. It is a secure digital key stored in a special hardware or software module directly on the user’s device, for example, in the Trusted Platform Module (TPM) or in the Microsoft cloud with encryption. However, most users still rely on the outdated password system.
In the meantime, experts advise using passwords at least 12 characters long, including numbers, special characters (such as “@” or “~”) and letters of different upper and lower case. It is also important not to use the same password on different sites and, if possible, activate two-factor authentication.