An eight-character-long password made of numbers can be cracked instantly, according to the IT firm Hive Systems.
Every year, the company releases its password table, which displays the time needed to hack a password using the best consumer-accessible hardware.
It ran its test against passwords, encrypted with the method used on most websites. In this case, it was bcrypt, which was the most widespread, according to the data from previous breaches.
But this encryption isn’t infallible and can be worked backwards.
Overall, the longer and the more complex the passwords, the longer it takes to crack them, with the most complex eight-character passwords taking 164 years.
On the other hand, passwords of six characters or under can all be hacked within two weeks.
It should be noted that the passwords tested by Hive Systems are also randomly generated.
If a password has been previously stolen, uses dictionary words, or has been reused between websites, the time needed to crack it drops dramatically, as shown below.
New safety features are increasingly required
If you want to test the strength of your passwords, the website How secure is my password?, as the name suggests, can tell you if you need to change it.
While longer passwords offer better protection, managing them can be a challenge, which is why password managers that securely store and encrypt login credentials are a popular solution.
In addition, a password manager favours using unique, complex logins that limit the security exposure in case of a data breach.
Even if your password is weak, websites usually have security features to prevent hacking using brute force, like limiting the number of trials.
Portals leading to sensitive information also often use an additional layer of security, such as two-factor authentication, to prevent fraud.
While frequent password changes were previously advised, experts now emphasise creating strong, unique passwords and sticking with them unless they are compromised.
This approach is considered more effective than frequent modifications, which can lead to weaker passwords and the reuse of similar ones.
