In honour of World Password Day 2026, recent research has highlighted a sobering reality for digital security. A study by Kaspersky researchers has revealed that 60 per cent of passwords protected by the MD5 hashing algorithm can be cracked in less than one hour using a single modern graphics card, such as the Nvidia RTX 5090. Even more concerning is that nearly half—48 per cent—of these passwords can be compromised in under one minute.
This discovery serves as a vital reminder that the technologies used to protect information must evolve as quickly as the hardware used by malicious actors.
The Problem with Fast Hashing
At its core, a “hash” is a digital fingerprint of a password. When you log into a website, the system does not usually store your actual password. Instead, it stores a hash. When you enter your credentials, the system hashes your input and compares it to the stored version.
MD5 (Message Digest 5) was once a standard for this process. However, it is what is known as a “fast” hashing algorithm. While speed is excellent for legitimate data processing, it is a significant liability for security. Because MD5 is so efficient, modern computers can attempt billions of password combinations every second.
Why Hardware is Winning the Race
The primary reason for this shift in the security landscape is the increasing power of Graphics Processing Units (GPUs). While originally designed for rendering high-end video games, GPUs are exceptionally good at performing the repetitive mathematical calculations required to crack hashes.
As hardware becomes more powerful every year, passwords that were considered “secure enough” a decade ago are now trivial to bypass. The research indicates that passwords are actually easier to crack in 2026 than they were just two years ago, simply because the tools available to attackers have improved while many organisations have failed to update their underlying security frameworks.
The Human Element: Predictability
Beyond hardware power, the study found that password predictability remains a major factor. Attackers analyse patterns from hundreds of millions of previously exposed passwords to optimise their cracking algorithms. This means that even if you believe your password is clever, if it follows a common pattern or uses predictable character substitutions, it is likely already in a database used by hackers to speed up their efforts.
How Organisations Can Enhance Their Security
It is often the responsibility of the service providers and businesses to ensure they are using modern protections. If your organisation still relies on outdated hashing methods like MD5, it may be time to consider a transition to more robust, “slow” hashing algorithms.
- Implement Slower Hashing: Algorithms such as bcrypt, scrypt, or Argon2 are designed to be intentionally slow. This has no noticeable impact on a single user logging in, but it makes it impractical for an attacker to brute-force millions of passwords in a short timeframe.
- Enforce Stronger Policies: Moving away from simple character requirements and encouraging the use of long, complex passphrases can significantly increase the time required for a successful crack.
- Conduct Regular Audits: A technical audit of your systems and cloud infrastructure can help identify where legacy code or outdated security controls may be leaving your data exposed.
Protecting Yourself as an Individual
While businesses must do their part, individuals can also take steps to improve their personal security posture:
- Use a Password Manager: These tools allow you to create and store unique, complex passwords for every single account you own, removing the temptation to use predictable patterns.
- Enable Multi-Factor Authentication (MFA): This adds a critical layer of protection. Even if an attacker successfully cracks your password hash, they would still require a secondary code from your device to gain access.
- Assume Breaches Will Happen: It is safer to assume that any website could be breached in the future. By using different passwords for every site, you ensure that a compromise in one location does not lead to a total loss of your digital identity.
How Vertex Can Assist
Navigating the complexities of encryption and data protection requires a high level of expertise. At Vertex Cyber Security, our team of experts provides leading services to hundreds of businesses, ensuring their security implementations remain aligned with modern objectives.
Whether you require a technical audit of your infrastructure or a comprehensive review of your organisation’s security strategy, we are here to help. We believe that “good enough” is not sufficient to protect against the latest cyber attacks.
To ensure your organisation is protected by the world’s best cybersecurity services and scalable products, please visit our website or contact our team for tailored advice.