How Long Does it Take to Hack or Crack a Password

Having a password with a good length and complexity is essential so that its cracking is difficult or almost impossible. Depending on the length and complexity of the key, we can know more or less the time it would take to crack a password. The way in which we create our password will determine its effectiveness against attacks by cybercriminals, normally passwords are often violated by brute force or dictionary. We will also give some tips on how we should create a password to make it as strong as possible.

How to create a good password to make it safe and strong

Our first line of defense against cybercriminals is to have a strong password to properly protect our digital identities. In this article we have made a complete tutorial where it is explained how to create a secure password . Without a doubt, our Google, Microsoft, email and cloud services such as Dropbox must be properly protected, and not only by strong keys, but by two-factor authentication.

How Long Does it Take to Hack or Crack a Password

In the event that we want to build a good password, it must contain:

  1. Capital letters.
  2. Lowercase letters.
  3. Numbers.
  4. Symbols such as @,%, /,) etc.
  5. The minimum recommended length would be set at 12 characters.

A very important aspect that we must take into account is that we have to get used to changing our passwords periodically . Also, if at any given time, you suspect that your password has been stolen, or you have had to use it on a public computer, it is certainly a good time to put a new one as soon as possible.

Another very important factor is that we should not use the same password for everything . This is because if it fell into the wrong hands, not only would that account fall, but the rest of digital identities or accounts would also be in danger, since we usually use the same email for all services. When creating a new password we have to avoid using our date of birth, and that of other public events that are easy to find out about us.

In summary, from this article we advise you to use at least a 12-character password that includes uppercase and lowercase letters along with symbols, and that is not related to our life.

How long does it take to crack a password

To a large extent, the time it takes to figure out your password will depend on how we have built it. A good security policy and the design of a password can give us an extra in this section. As we explained previously, a password with uppercase, lowercase and symbols can greatly strengthen its security. Also, next to this, another key factor is the length of our key, the longer the better.

The cybersecurity company Hive Systems shows us a very complete table of the time it takes to crack a password. In this table we can see that we have a lot of information about how the length of the key affects and also the complexity of it.

Each row shows the number of characters that those passwords have. On the other hand, the columns show what type of characters this password uses to be built. In addition, by using a series of colors it indicates how fragile these passwords are. In that sense, it classifies them using the following colors:

  • Purple: for those passwords that can be obtained instantly.
  • Red: for passwords that are decrypted in a few seconds to a few hours without exceeding one day.
  • Dark orange: it would take a time from 3 days to 5 years to be able to crack them.
  • Light orange: for which it would take from a year to a thousand years for our password to be found.
  • Green: they are undoubtedly the most complex and robust, they would take more than a thousand years to decipher.

Next, we will discuss how strong passwords are based on the number of characters. Therefore, we will make the following classification:

  1. Passwords between 4 and 7 characters.
  2. Passwords between 8 and 11 characters.
  3. Passwords between 12 and 18 characters.

How long does it take to crack a 4-7 character key?

Passwords that are between 4 and 7 characters long are the weakest. As we can see below, they are not highly recommended to use. Based on the table above from Hive Sytems, we have reduced its content so that we can take it as an example. Thus, it would be as follows:

If we look closely at this table we can draw a quick conclusion. In that sense, we have to point out that the vast majority of these keys can be cracked almost instantly. Even if our password is made up of numbers, capital letters, lowercase letters and symbols, we would not have a good password either. Consequently, a cybercriminal could obtain your password from one second to 6 minutes in the worst case.

Therefore, from this article we advise against using these short passwords due to their fragility. Any attacker in a short period of time can be easily done with our account.

8-11 character passwords get better, but not enough

Now it is the turn of passwords between and 11 characters. As in the previous case, to better illustrate the examples I have created a reduced table based on the main one. In this way, we can see the following results in the table:

Here the first thing we appreciate is that instantly they could only find out our password if we only used numbers. If we only use lowercase letters it would take from a few seconds to a day. With the use of lowercase and uppercase letters, we will go from 22 minutes to 5 years depending on the number of characters in our password. In addition, if we then add numbers it will increase even more, establishing the minimum time in one hour until 41 years for passwords with 11 characters.

However, comparing it with the previous category, if we use symbols, we see that things change radically. To find out your 8-character password it would take 8 hours, while if it is 11 characters, it will take 400 years.

Therefore, a password with 10 or 11 characters along with uppercase and lowercase letters, plus symbols is the recommended minimum.

This is the time to crack keys between 12 and 18 characters

At this point it is time to find out how long it takes a cracker to find out your 12-18 character password. Also, as with the other two categories we talked about earlier, we have created a table based on the one from Hive Systems. Here are the results it produces:

The first thing to note is that, within this category, you can no longer find a password instantly. Although, it should be noted that only with numbers we could take from 25 seconds to 9 months. Also with 12 characters and lowercase letters a cracker could take 3 weeks to figure out your password. So that the change can be appreciated, if we add another character and go to 13, it would take a year to find out that same password.

On the other hand, if we simply use only uppercase and lowercase letters, with 12 characters, a cybercriminal would need 300 years to obtain our password. In this sense we can say that the use of passwords from 12 characters significantly improves security. And if above, to create a password, we add uppercase, lowercase and symbols, the improvement is even more spectacular. So the cracker would need 34,000 years to figure out your password.

Finally, as we recommend at the beginning, a good 12-character password with uppercase and lowercase letters and symbols is a good starting point to correctly protect your digital identities.