ARS Technica has a piece of the state of passwords and how the average password is increasingly coming under attack due to the advance of computing power and the leaks of millions of hacked passwords. The site notes a single AMD Radeon HD 7970 GPU is capable of brute forcing a staggering 8.2 billion passwords per second to find recorded hashes that match the password, a speed only obtainable with expensive supercomputers just a decade ago.
Full details over here.
The advances don't stop there. PCs equipped with two or more $500 GPUs can achieve speeds two, three, or more times faster, and free password cracking programs such as oclHashcat-plus will run on many of them with little or no tinkering. Hackers running such gear also work in tandem in online forums, which allow them to pool resources and know-how to crack lists of 100,000 or more passwords in just hours.
Most importantly, a series of leaks over the past few years containing more than 100 million real-world passwords have provided crackers with important new insights about how people in different walks of life choose passwords on different sites or in different settings. The ever-growing list of leaked passwords allows programmers to write rules that make cracking algorithms faster and more accurate; password attacks have become cut-and-paste exercises that even script kiddies can perform with ease.