How much time does it take for hackers to crack my password?

Security experts advise on creating strong, complex passwords to protect our online accounts and data from knowledgeable cyber criminals. And “complex” typically means using small and uppercase letters, numbers and even special symbols. But the complexity itself can still open your password for cracks if it does not contain enough characters, according to research from the security company Hive Systems.

In this article we look at how long it will take for hackers to crack different types of passwords and what you can do to make them safer.

How long does it take to crack a password?

In their password report in 2024 HIVE System’s password table found HIVE that a complex password of eight characters containing numbers, symbols, and both upper and lowercase letters will take seven years to crack-if an attacker should use a top-of-the -The -line 12 x RTX 4090 graphics card.

In comparison, a five -character password with upper and lower case letters can be cracked in two minutes. Furthermore, Hive says that a password with four characters with only lowercase letters can be hacked immediately, while a five-character password with both upper and lower case letters can be hacked in three seconds.

In my opinion, this shows how important it is to use the best practice of the password, such as using a mixture of letters, symbols and numbers whenever possible. This is especially the case, given the sharp contrast in the amount of time passwords could be broken depending on their complexity.

On the plus side, even simpler passwords with a larger number of characters are less vulnerable to cracking in a short time, according to Hives research. For example, a password of 10 characters consisting of numbers would be an hour to crack. Meanwhile, it only increases the time frame to 11,000 years to increase this number-only password to 18 characters.

Looking at words versus numbers, data shows that access phrases win more traditional passwords. A password of 18 characters with only numbers would require 11,000 years to crack, but one with the same number of characters using lowercase letters would take 350 billion years to crack. This piece of data shows why access phrases that use a wide range of real but random words can be more secure than a complex but short password.

HIVES Report shows that access phrases with a mixture of 18 uppercase and lowercase letters, numbers and symbols are the hardest to brute force.

What tools do hackers use to crack your passwords?

A hacker aimed at cracking complex, yet short passwords that are fast enough would need the latest and most advanced graphics processing technology. The more powerful the graphics treatment unit, the faster it can perform such tasks as mining of cryptocurrencies and cracked passwords.

With these GPUs, hackers can initiate brute-force attacks and use password cracking software to guess your passwords and other credentials. Brute Force attacks involve the use of GPUs and machine-driven sample and errors in an attempt to get the right combination of characters, numbers and symbols and eventually crack a user’s password.

For example, one of the top GPUs today Nvidia’s GeForce RTX 4090 is a product starting at $ 1,599. But even less powerful and cheaper GPUs can break passwords in a small length and low complexity in a relatively short time.

Hackers who do not have the latest and best graphics treatment on their computers can easily turn to the cloud, according to Hive. By renting computer and graphics hardware via Amazon AWS and other cloud providers, a cyber criminal can utilize several virtual occurrences of a powerful GPU to perform password cracking at a fairly low price.

Plus, the progress of AI has given hackers another type of tool to crack passwords faster and effectively. A April 2023 report from Home Security Heroes, which analyzed 15,600,000 ordinary passwords, discovered that with the help of AI, hackers could crack 81% of them in less than one month, 71% in less than one day, 65% in less than one hour and 51 % in less than one minute.

See: Securing Linux policy (TechPublic Premium)

How to protect yourself and your organization from password

Due to the progress of graphics and AI technology, most types of passwords require less time to crack than they did just two years ago. Eg? Here are a few tips.

Try using a password instead of a password

An access to access is a large number of often random words. Passforms are often safer than passwords and are usually easier to remember. Examples of this would be something like “Sunset-Cola mouse!” or “Gatepen2boxerrose”.

If you go on the access route there are a few things to remember:

• Make sure it is at least 10-15 characters or more.
• Avoid using ordinary sentences or lyrics.
• Choose a password that is memorable to you.
• Add some numbers and symbols to your sentences.

For a more in -depth tutorial, see ours what is an entry of entry? Guide here.

Use a mixture of numbers, symbols, uppercase letters and lowercase letters at the same time

One of the most important takeaways from the Hive Systems report is the significant influence complexity has on the overall password power. In complexity, I refer to the presence of letters (upper and lower case), symbols and numbers within passwords.

While having a character type makes your password more secure, having a mixture of them all will reap you the most benefits and security.

Use a password administrator

Since creating and remembering several complex and long passwords on your own is impossible, a password administrator is your best choice. By using a password administrator for yourself or in your organization, you can generate, save and apply strong passwords for sites and online accounts.

Password administrators to try

1password

If you want a password administrator with a refined user interface, I recommend 1password. 1password has an intuitive and well-designed desktop application that will make it easy for both beginners and more advanced users to organize their passwords.

In addition, their Base 1PassWord subscription includes various additional security features, such as its monitoring data -violation scanner and secure password sharing and history features. It has also been independently revised by third -party companies, which ensures that it does not record any user information as specified in their policy without logs.

To learn more, check out our full 1password notification.

Bitwardhen

For privacy enthusiasts, Bitwardden is my go-to pick. It is an open source password administrator that makes its source code publicly available for review. This means that customers and interested parties can look at Bitvarden’s code and spot vulnerabilities themselves – providing a layer of transparency that is crucial to a service that handles passwords. It also has one of the most generous free plans on the market, allowing free users to store an unlimited amount of passwords via an unlimited number of devices.

To learn more, check out our full bitvarden review.

Keeper

If you want a more business -centered password administrator, consider keeper. With their business plan, you are able to manage your team’s credentials through their admin console, team management functionality and policy engine and enforcements. Their business plan has even more team-related capabilities such as AD and LDAP SYNC and SAML 2.0 Authorization. I especially like keeper’s built-in folders and subfolders system that enable cleaner management of login credentials across teams and accounts.

To learn more, check out our full keeper notification.

This article was originally published in August 2023. It was updated by Luis Millares in January 2025.