One of the better tools available for cracking passwords is L0phtcrack, by L0pht Heavy Industries (www.l0pht.com).

  • launches a dictionary attack against passwords, then attempts a brute force attack against the passwords
  • claims to be able to crack every possible password, although the timing for completion may vary
  • takes 5.5 hours on a Pentium II 300 to brute force attack an 8 character alpha-numeric password

Changing passwords every two months without repeating any should be a satisfactory method of protection against password crackers.