The safety of our passwords often is very much due. One more figure, a capital letter, a special character … or not. However, according to the latest report by the American company Hive Systems, specializing in cybersecurity, the power of the general public graphics has reached a level as it makes most of the “classic” passwords. The 2025 report is based on a configuration of twelve RTX 5090 – the quickest graphics card currently accessible – to simulate what a motivated computer hacker could accomplish.
Ever more powerful GPUs, ever lower passwords
Result ? A password made up of eight numbers can be broken instantly, even with only one of these cards. A series of eight tiny letters is barely three weeks from a single GPU. What if this password is a word of the dictionary or is in a data leak? He is immediately compromised.
And it’s just a glimpse. Because Hive Systems also tested the strength of passwords in the face of the capacities of calculation centers which were used to lead to artificial intelligences like Chatgpt. With the GPUs A100 and H100 (NVIDIA) used by OPENAI, a password of eight tiny letters can fall in 30 minutes. A more complex password (tiny, capital letters, numbers, special characters) holds about two months … but nothing insurmountable.
What this study shows is above all the rapid obsolescence of conventional protections. If you still use eight -character passwords, even random, you are in the red zone. Hive recalls that a good defense is based on three essential pillars. First, a long and complex password, ideally generated randomly with a password manager.
Then activation of two -factor authentication (2FA), favoring applications generating codes or, better, physical keys (Yubikey type). Finally, the use of passkeys, a new authentication method without password, which prevents both brute force attacks and phishing attempts.
In parallel, Hive became interested in concrete incidents, in particular the Lastpass data leak in 2022. At the time, the platform used by default a small number of hash iterations to quantify passwords, making their deciphering much faster than expected. According to some researchers, it would have been 2 and a half years to break certain masters of masters – an eternity for a human, but an opportunity to seize for groups of organized cybercriminals.
Even the best hash algorithms (such as BCRYPT or PBKDF2 SHA-256) can do nothing in the face of low, predictable, or reused passwords. The rise of equipment, whether GPU intended for the general public or infrastructure used to cause AI, modifies the rules of the game.
🟣 To not miss any news on the Geek newspaper, subscribe to Google News and on our WhatsApp. And if you love us, .
