How many characters does your Windows workstation password have? Mine, for example, has 8 symbols, which means it is insecure. Yes, it’s the minimal number of symbols for such a password, but now it is not enough to protect our virtual area, because there is already a 25-GPU server cluster running a combination of Linux, Virtual OpenCL and a password-cracking app, ocl-Hashcat Plus, that is able to check 350 billion eight-character passwords per second.
So this machine needs only 5.5 hours to guess your password checking totally 6.6 quadrillion password combinations. You should also know it checks all eight-character passwords including upper/lower-case letters, digits and symbols.
The time it can crack Microsoft’s NTLM cryptographic algorithm, which is in use since Windows Server 2003, is shocking, but when it comes to passwords with more symbols, it becomes not that appealing. For example, to guess a nine-character password, these 25 AMD Radeon graphics cards will need 500 hours, and for ten-symbol passwords it will work 5.4 years.
So when setting a password for your workstation, write at least ten characters, because currently it’s the most secure way to protect yourself. Ah, and do not use a word or phrase taken from a dictionary.