Security News > 2022 > May > He sold cracked passwords for a living – now he’s serving 4 years in prison
Quite literally, the problem scales linearly, so that if it would take you 100 years to crack 1,000,000 passwords on your own computer, then it would take only one year using 100 computers; just over a month with 1000; and under an hour if you had 1,000,000 computers at your disposal.
If we assume that many, if not most, of Tolpintsev's illegally-acquired passwords were cracked from password databases stolen from various cloud services, then it's reasonable to assume that many of the new passwords added to his online catalogue each week came from a randomly chosen pool of users.
He's now been sentenced to four years in prison, and ordered to pay up $82,648 that the DOJ could show he'd "Earned" by selling on the passwords he'd cracked.
Most password crackers use password lists that put the most likely and the easiest-to-type passwords at the top.
2FA doen't eliminate the risk of crooks breaking into your network, but it makes individual cracked or stolen passwords much less useful on their own.
A good password manager will not only generated wacky, random passwords for you, it will prevent you from using the same password twice.