Security experts advise creating strong and complex passwords to protect our accounts and online data from intelligent cybercriminals. And “complex” generally means using characters in lowercase and capital letters, numbers and even special symbols. But, complexity can still open its password to cracking if it does not contain enough characters, according to the investigation of the security firm Hive Systems.
In this article, we analyze how long it would take for computer pirates to decipher different types of passwords and what they can do to be safer.
NordPass
Employees for company size
Micro (0-49), small (50-249), medium (250-999), large (1,000-4,999), Enterprise (more than 5,000)
Micro (0-49 employees), small (50-249 employees), medium (250-999 employees), large (1,000-4,999 employees), company (more than 5,000 employees)
Micro, small, medium, large, company
Characteristics
Activity Registry, User Business Management Panel, Company Configurations and more
Dashlane
Employees for company size
Micro (0-49), small (50-249), medium (250-999), large (1,000-4,999), Enterprise (more than 5,000)
Micro (0-49 employees), small (50-249 employees), medium (250-999 employees), large (1,000-4,999 employees), company (more than 5,000 employees)
Micro, small, medium, large, company
Characteristics
Automated supply
Scalefusion Singuno Cyremo
Employees for company size
Micro (0-49), small (50-249), medium (250-999), large (1,000-4,999), Enterprise (more than 5,000)
Any size of the company
Any size of the company
Characteristics
Access management, conditional access, credential management and more
How long does it take to decipher a password?
In his report on the Systems Password Table of HIVE 2024, HIVE discovered that a complex password of eight characters that contains numbers, symbols and higher and lowercase letters will take seven years to decipher, if an attacker will use a top-of the top- OF -THE -The 12 x RTX 4090 graphics card.
In comparison, a five characters password with only higher and lowercase letters can be broken in two minutes. In addition, Hive says that a four characters password with only tiny letters can be hacky instantly, while a password of five characters with higher and lowercase letters can be pirated in three seconds.
In my opinion, this shows how crucial it is to apply the best password practices, such as using a combination of letters, symbols and numbers, whenever possible. This is especially so since, given the marked contrast in the amount of time, passwords could decipher according to their complexity.
On the positive side, even more simple passwords with a greater number of characters are less vulnerable to cracking in a short time, according to Hive's investigation. For example, a 10 -character password composed of numbers would take an hour to break. Meanwhile, increasing that password of only number to 18 characters will increase the time frame to 11,000 years.
Looking at the words versus the numbers, Hive data show that password phrases gain more traditional passwords. A password of 18 characters with only numbers would require 11,000 years to break, but one with the same number of characters that use lowercase letters would take 350 billion years to break. This data shows why passes phrases, which use a long chain of real but random words, can be safer than a complex but short password.
Hive's report shows that passes phrases with a mixture of 18 letters, numbers and symbols in lowercase and lowercase are the most difficult of brute force.
What tools do hackers use to decipher their passwords?
A hacker with the aim of deciphering complex passwords but short enough would need the most recent and most advanced graphics processing technology. The more powerful the graphics processing unit, the faster you can perform tasks such as mining cryptocurrencies and cracking passwords.
With these GPUs, computer pirates can start attacks with brute force and use password cracking software to guess their passwords and other credentials. Brute force attacks involve the use of GPUs and test and machine error test in an attempt to obtain the correct combination of characters, numbers and symbols and, eventually, decipher the password of a user.
For example, one of the most important GPUs today is GeForce RTX 4090 of NVIDIA, a product that begins at $ 1,599. But even less powerful and less expensive GPUs can decipher passwords from a small length and low complexity in a relatively short time.
Computer pirates who do not have the last and best graphics processing on their computers can easily resort to the cloud, according to Hive. When renting computer hardware and graphics through Amazon AWS and other cloud suppliers, a cybercriminal can take advantage of multiple virtual instances of a powerful GPU to make password cracking at a fairly low cost.
In addition, advances in AI have given computer pirates other types of tool to decipher passwords more quickly and efficiently. An April 2023 report by Home Security Heroes that analyzed 15,600,000 common passwords discovered that when using AI, computer pirates could decipher 81% of them in less than a month, 71% in less than a day, 65% in less than an hour and 51 % in less than a minute.
See: Ensure Linux's policy (Premium Techrepublic)
How to protect yourself and your password cracking
Due to the progress in graphics and AI technology, most passwords require less time to decipher that only two years ago. For example, a password of seven characters with letters, numbers and symbols would take seven minutes to decipher in 2020 but only four seconds in 2023. Given these technological advances, how can you and your organization better ensure your accounts and protected by password? ? There are some tips here.
Try to use a passes phrase instead of a password
A phrase of passes is a long chain of often random words. Password phrases are often safer than passwords and are generally easier to remember. Examples of this would be something like “Sunset-Cola-Mouse!” or “gatepen2boxerrose”.
If you follow the passage route, there are some things to remember:
- Make sure you have at least 10-15 characters or more.
- Avoid using common phrases or song lyrics.
- Choose a phase phrase that is memorable for you.
- Add some numbers and symbols to your phrases.
To get a deeper tutorial, see our phrase that it is a phrase of passes? Guide here.
Use a combination of numbers, symbols, capital letters and tiny letters at the same time
One of the main conclusions of the Hive Systems report is the significant influence that complexity has on the general password. By complexity, I mean the presence of letters (superiors and lowercase), symbols and numbers inside the passwords.
While having a type of character makes your password safer, having a combination of all of them will reap more benefits and security.
Use a password administrator
Since creating and remembering multiple complex and long passwords on your own is impossible, a password administrator is your best option. By using a password administrator for you or within your organization, you can generate, store and apply safe passwords for websites and online accounts.
Password administrators to test
1 step step
If you want a password administrator with a refined user interface, I recommend 1Password. 1Password has an intuitive and well -designed desktop application that will facilitate both beginners to organize their passwords.
In addition to that, its 1Password base subscription includes several additional safety features, such as its Watchtower data violation scanner and safe passage and history exchange capabilities. It has also been independently audited by third-party companies, ensuring that it does not register any user information as specified in its non-Logs policy.
For more information, see our full 1PSWORD review.
Bitwarden
For privacy enthusiasts, Bitwarden is my choice. It is an open source password administrator that makes its source code available to the public for review. This means that customers and interested parties can take a look at the bitwarden code and vulnerabilities detect themselves, providing a transparency layer that is crucial for a service that manages passwords. It also has one of the most generous free plans in the market, which allows free users to store an unlimited amount of passwords through an unlimited number of devices.
For more information, see our full Bitwarden review.
Guardian
If you want a more business -centered password administrator, consider the guardian. With your business plan, you can administer the credentials of your team through your administration console, the equipment management functionality and the policy motor feature and executions. Its business plan has even more team -related capacities such as AD and LDAP Sync and Saml 2.0 Authentication. I especially like built -in folders and the Keeper subfolder system, which allows the cleaner management of login credentials between equipment and accounts.
For more information, see our full review of the Keeper.
This article was originally published in August 2023. It was updated by Luis Millares in January 2025.
