Cracking a list of hashed passwords is easy. Nate’s article does a great job of explaining how he went from non-hacker to successful password cracker in a single day. While he simply took an existing text file of hashed passwords — as opposed to hacking into a service and stealing them — he does show that once a hacker has a list of hashed passwords, the hashes can be easily cracked.
For me the biggest takeaway was in his conclusion:
“Password cracking is simply too easy, the tools too sophisticated, the CPUs and GPUs too powerful for me to believe that my own basic attempts at beefing up my passwords are a long-term solution. I’ve resisted password managers in the past over concerns about storing data in the cloud or about the hassle of syncing with other computers or about accessing passwords from a mobile device or because dropping $50 bucks never felt quite worth it—hacks only happen to other people, right?
“But until other forms of authentication take root, the humble password will form a primary defense of our personal information.”