The difference between a short password and a long one? Trillions of years
A new study has found how quickly passwords of different lengths can be cracked by hackers – and it’s bad news if you’re using eight letters or less.
Hive Systems, a cybersecurity company based in Richmond, Virginia, has detailed how the length of a password directly correlates to the amount of time it takes to crack it.
The study found that even eight-letter passwords that include numbers, uppercase letters, lowercase letters, and symbols can be cracked in less than an hour by the average hacker.
Shorter or simpler passwords can be identified within a matter of minutes with just basic equipment.
Conversely, passwords that are 18 characters in length and also use a mix of symbols, letters, and numbers could, in theory, take 438 trillion years to be solved.
Hive Systems compiled the results of their findings into a colour-coded table and also highlight how faster tech has helped hackers crack passwords even faster over the past two years.
For example, in 2020 it would have taken a hacker three weeks to crack a nine-character password with upper and lowercase letters, numbers, and symbols. Now, it could take them just two days.
The 🟪 Purple Wave 🟪 is here! Check out how the Hive Systems Password Table changed from 2020 to 2022, and then go download the latest version of it at https://t.co/Hy1hklW66d pic.twitter.com/JRofSJZygE
— Hive Systems (@hivesystems) March 4, 2022
In a blog post, the company explained that hackers use a technique called ‘hashing’ to crack passwords.
When you make a password for a website, that website will usually disguise it using hashing software so that if hackers break into their server, they’ll only see hashed jumbles of letters and numbers.
This ‘hashing’ can’t be reversed, so what hackers do is create a list of every possible combination of characters on a keyboard and put these through the ‘hashing’ process using commonly-used software.
They then simply find the word that matches the hashed passwords on their lists to determine your original password.
Whilst this is a complicated process, any hacker worth their salt is able to pull it off with consumer-grade equipment.
So, next time you get a spare moment, maybe consider adding a couple of characters to your passwords. It could be the difference between a hacker taking minutes to work out your password and them taking decades to.