Once upon a time, hackers tried to guess passwords using a list of words cobbled from a dictionary and fairly feeble computers. Back then, the one password you're using for all your sites was probably pretty safe. But that's not the case anymore, reports Ars Technica, citing huge changes in just the last five years. "It has been night and day, the amount of improvement," says one professional cracker. By using a graphics card's processing power, a modern PC can now try 8.2 billion passwords a second, a speed once achievable only with a supercomputer.
More importantly, a 2009 attack against RockYou.com yielded 32 million passwords, allowing hackers to replace their dictionary-generated lists with words people were actually using, while revealing common strategies like replacing "e" with "3" or capitalizing the first letter. And because people are increasingly using just a few passwords for many sites, each breach exposes users across a host of platforms. To protect yourself, security experts suggest using a different, randomly-generated password on every site, tracking them with a password program. (More passwords stories.)