Your password is a lot weaker than you think

Today I was looking for a password strength calculator to estimate how long it would take to break your typical 8-character “strong” password, which most people say would take years to break. After I found a decent one, I realized most of them are based on the speed of the CPUs found in your average computer. However, thanks to advances in password cracking utilities, you can now use the GPUs found in graphics cards, which are much faster than CPUs. An 8-character password that would take a year to crack with a computer’s CPU only takes 19 hours with the GPU in a graphics card. When people tell you your data is safe because you have a strong password, think again.

How can you protect yourself? The two most popular options these days are a longer password (think 32 characters) or two-factor authentication. A longer password is the easiest option: just use a sentence for a password instead of a single word. Two-factor authentication typically isn’t easy to set up and is aimed at larger businesses, but Google, Facebook, and a number of banks now support two-factor authentication for clients. If you have the option for two-factor authentication, I definitely recommend enabling it.
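To put numbers on the CPU-versus-GPU gap and on the advice to use a longer password, here is a small calculator added as an example (it is not from the original post or the linked articles). It derives the guess rates from the post's own figures, one year on a CPU and 19 hours on a GPU for an 8-character password, and applies them to a 32-character sentence. The sample passwords and the 95-character printable ASCII alphabet are assumptions of this example.

```python
import string

# Constructed sample inputs (not from the post).
SHORT = "kP7#vQ2!"                             # 8 characters, all four classes
SENTENCE = "my cat sleeps on the warm laptop"  # 32 characters

# Character classes; together they cover the 95 printable ASCII characters.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]

YEAR = 365 * 24 * 3600  # seconds


def alphabet_size(password):
    """Total size of every character class the password draws from."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))


def keyspace(password):
    """Candidates an exhaustive search has to cover for this length and alphabet."""
    return alphabet_size(password) ** len(password)


def seconds_to_exhaust(password, guesses_per_second):
    """Worst-case time to try every candidate at the given guess rate."""
    return keyspace(password) / guesses_per_second


# Calibrate from the post's figures instead of assuming a hardware speed:
# the 8-character password takes one year on a CPU and 19 hours on a GPU.
CPU_RATE = keyspace(SHORT) / YEAR
GPU_RATE = CPU_RATE * (YEAR / (19 * 3600))

if __name__ == "__main__":
    for label, pw in (("8-character", SHORT), ("32-character sentence", SENTENCE)):
        for device, rate in (("CPU", CPU_RATE), ("GPU", GPU_RATE)):
            years = seconds_to_exhaust(pw, rate) / YEAR
            print(f"{label:22} {device}: {years:.3g} years "
                  f"(alphabet {alphabet_size(pw)}, length {len(pw)})")
```

The figures model exhaustive search only, so they are an upper bound. A sentence made of common words can fall to dictionary-based guessing much sooner than the keyspace suggests.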

http://hackaday.com/2011/06/01/gpu-password-cracking-made-easy/

http://www.zdnet.com/blog/hardware/cheap-gpus-are-rendering-strong-passwords-useless/13125