Security specialists advise developing strong, complex passwords to protect our online accounts and information from smart cybercriminals. And “complicated” usually means utilizing lowercase and uppercase characters, numbers, and even unique signs. But, complexity by itself can still open your password to cracking if it doesn’t include enough characters, according to research by security firm Hive Systems.
In this post, we look into how long it would take for hackers to break various kinds of passwords and what you can do to make them more protected.
NordPass Staff Members per Business Size Micro (0-49), Small (50-249), Medium (250-999
), Large(1,000-4,999), Business(5,000+)Micro (0-49 Staff Members), Small (50-249 Workers), Medium (250-999 Employees), Big( 1,000-4,999
Staff Members), Enterprise(5,000+Staff Members) Micro, Small, Medium, Large, Business Characteristics Activity Log, Service Admin Panel for user management, Company-wide settings, and more Dashlane Employees per Company Size Micro(0-49), Little(50-249), Medium(250-999), Big(1,000-4,999), Business(5,000+)Micro(0-49 Staff Members), Small(50-249 Staff Members), Medium(250-999 Employees), Big(1,000-4,999 Workers), Enterprise(5,000+Employees)Micro, Small, Medium, Big, Business Characteristics Automated Provisioning Scalefusion Single
Sign-On Workers per Company
Size Micro (0-49), Small (50-249)
, Medium (250-999), Big (1,000-4,999), Business (5,000+)
Any Business Size Any Company Size
Features
Gain Access To Management, Conditional Gain Access To, Credential Management, and more
For how long does it take to crack a password?
In their 2024 Hive Systems Password Table report, Hive found that a complex, eight-character password which contains numbers, signs, and both upper and lowercase letters will take seven years to split– if an enemy were to utilize a top-of-the-line 12 x RTX 4090 graphics card.
In contrast, a five-character password with only upper and lowercase letters can be broken in 2 minutes. Even more, Hive states that a four-character password with only lowercase letters can be hacked instantly, while a five-character password with both upper and lowercase letters can be hacked in three seconds.
The 2024 Hive Systems Password Table. Image: Hive Systems In my view, this demonstrates how important it is to apply password best practices, such as using a mix of letters, signs, and numbers, whenever possible. This is specifically so since, offered the stark contrast in the amount of time passwords could be split depending upon their complexity.
On the plus side, even easier passwords with a greater number of characters are less vulnerable to splitting in a brief amount of time, according to Hive’s research study. For example, a 10-character password made up of numbers would take one hour to fracture. On the other hand, upping that number-only password to 18 characters will increase the time frame to 11,000 years.
Checking out words versus numbers, Hive’s information shows that passphrases win over more conventional passwords. An 18-character password with only numbers would require 11,000 years to break, but one with the very same variety of characters utilizing lowercase letters would take 350 billion years to split. This piece of data programs why passphrases, which use a long string of real but random words, can be more protected than a complex however brief password.
Hive’s report reveals that passphrases with a mix of 18 uppercase and lowercase letters, numbers, and symbols are the most hard to brute force.
What tools do hackers utilize to break your passwords?
A hacker intending to split complex yet brief passwords quickly enough would require the most recent and most sophisticated graphics processing technology. The more powerful the graphics processing unit, the faster it can perform such tasks as mining cryptocurrencies and breaking passwords.
With these GPUs, hackers can start brute-force attacks and utilize password-cracking software application to think your passwords and other qualifications. Brute force attacks involve utilizing GPUs and machine-powered experimentation in an attempt to get the best combination of characters, numbers, and signs and, eventually, split a user’s password.
For instance, among the top GPUs around today is Nvidia’s GeForce RTX 4090, an item that begins at $1,599. However even less powerful and more economical GPUs can crack passwords of a small length and low complexity in a fairly brief amount of time.
Hackers who do not have the current and biggest graphics processing on their computers can easily turn to the cloud, according to Hive. By renting computer and graphics hardware through Amazon AWS and other cloud suppliers, a cybercriminal can use several virtual circumstances of a powerful GPU to perform password cracking at a fairly low expense.
Plus, the advances in AI have offered hackers another kind of tool to crack passwords quicker and effectively. An April 2023 report from Home Security Heroes that evaluated 15,600,000 typical passwords discovered that by utilizing AI, hackers might crack 81% of them in less than a month, 71% in less than a day, 65% in less than an hour, and 51% in less than a minute.
SEE: Getting Linux Policy (TechRepublic Premium)
How to secure yourself and your organization from password cracking
Due to the development in graphics and AI innovation, many types of passwords require less time to crack than they did just two years earlier. For instance, a seven-character password with letters, numbers, and symbols would take seven minutes to crack in 2020 but only 4 seconds in 2023. Offered these technological advances, how can you and your organization much better protect your password-protected accounts and data? Here are a few tips.
Try utilizing a passphrase rather of a password
A passphrase is a long string of often random words. Passphrases are frequently more safe and secure than passwords and are generally easier to remember. Examples of this would be something like “Sunset-cola-Mouse!” or “GatePen2BoxerRose”.
If you go the passphrase route, there are a couple of things to keep in mind:
- Make certain it’s at least 10-15 characters or more.
- Avoid utilizing common phrases or tune lyrics.
- Select a passphrase that’s memorable to you.
- Include some numbers and symbols to your phrases.
For a more thorough tutorial, have a look at our What is a Passphrase? guide here.
Use a mix of numbers, signs, uppercase, and lowercase letters at the exact same time
One of the primary takeaways from the Hive Systems report is the considerable influence complexity has on general password strength. By complexity, I’m describing the presence of letters (upper and lowercase), symbols, and numbers within passwords.
While having one character type makes your password more safe, having a mix of all of them will reap you the most advantages and security.
Utilize a password supervisor
Given that developing and remembering several complex and lengthy passwords on your own is impossible, a password supervisor is your best bet. By using a password supervisor on your own or within your company, you can create, shop, and use strong passwords for sites and online accounts.
More about Cloud Security
Password supervisors to try out
1Password
Image: 1Password If you want a password supervisor with a refined user interface, I suggest 1Password. 1Password has an intuitive and properly designed desktop application that will make it easy for both beginners and more advanced users to arrange their passwords.
On top of that, their base 1Password membership consists of various additional security functions, such as its Watchtower information breach scanner and secure password sharing and history capabilities. It’s likewise been separately investigated by third-party firms, ensuring that it doesn’t record any user info as specified in their no-logs policy.
To learn more, have a look at our complete 1Password evaluation.
Bitwarden
Image: Bitwarden For privacy enthusiasts, Bitwarden is my go-to pick. It’s an open-source password manager that makes its source code publicly offered for evaluation. This indicates that consumers and interested parties can have a look at Bitwarden’s code and spot vulnerabilities themselves– supplying a layer of transparency that’s vital for a service which handles passwords. It also has one of the most generous free strategies in the market, enabling totally free users to keep an unrestricted quantity of passwords through an unlimited number of gadgets.
To get more information, have a look at our full Bitwarden review.
Keeper
< img src="https://assets.techrepublic.com/uploads/2025/02/Keeper-logo-1.jpg"alt= "Keeper logo design." width ="300"height= "78"/ > Image: Keeper If you desire a more business-centric password supervisor, consider Keeper. With their company strategy, you have the ability to handle your team’s qualifications through their admin console, team management performance, and policy engine and enforcements feature. Their enterprise strategy has much more team-related abilities like advertisement and LDAP sync and SAML 2.0 authentication. I specifically like Keeper’s integrated folders and subfolders system, making it possible for cleaner management of login credentials across teams and accounts.
To find out more, take a look at our complete Keeper evaluation.
This short article was originally published in August 2023. It was upgraded by Luis Millares in January 2025.
