In the name of journalism, Ars Technica's Nate Anderson trained himself to crack passwords. In a detailed longform piece, Anderson describes his journey into the world of script kiddies, using a program called Hashcat to crack a list of passwords left circulating online after an earlier leak. It's painstaking work — hours of tweaking and reconfiguring algorithms — but after a day on the job, Anderson is able to work out more than 8,000 of the 17,000 passwords on his list. (Cracking the rest of them would have taken all year, thanks to the diminishing returns of brute force attacks.) The biggest takeaway, at least for Anderson, is that it's surprisingly easy to unlock a hashed passwords, and choosing longer and more randomized passwords make a big difference in fending it off. By the end, dropping $50 on a password manager seems like getting off cheap.