How Long to Crack My Password

Have you asked yourself these questions: What is a special character for passwords, and should your passwords include them? Should your password include both uppercase and lowercase letters? What is a brute force attack method? How long does it take to crack an 8 character password with a brute force algorithm? How to protect yourself with Passwarden? Keep reading and find answers to these questions in our detailed overview.

Note: Passwarden is also available as a part of the MonoDefense security bundle.

The brute force attack is one of the most popular methods to crack your passwords. Brute force algorithm is basically a hit and try until you succeed approach. The brute force method sometimes takes longer, but its success rate is rather high. 

What are the examples of brute force attacks? A dictionary attack is the easiest way to describe how to crack a password. In this brute force method, the attacker uses a password dictionary with millions of words that can be used as a password. The attacker tries these combinations one by one. If this dictionary contains the correct combination of characters, the authentication will eventually be successful.

Methods of Brute Force Attacks

Though all brute force attacks have the same goal, there are different methods to crack a password.

• Hybrid Brute Force Attack. This type of attack is based on a list of potentially known credential matches. And the attacker attacks upon every possible match in this list.
• Reverse Brute Force Attack. With this type of brute force attack, an attacker uses a common password against multiple usernames to gain access to an account.
• Credential Stuffing. This type of attack is possible because many users reuse the same username/password combination across multiple sites. Two-factor authentication and different passwords for every different service can help to prevent brute force attacks that rely on credential stuffing algorithms.

Let’s figure out how long it takes to crack different passwords using a brute force algorithm depending on their length, character types, and letter case.

So that we’re on the same page, brute force attack or brute force method of cracking is a cryptographic hack algorithm that relies on submitting all possible combinations until the correct one is discovered.

Now guess how long it takes to crack an 8 character password, for example, “password” with this algorithm? You know, the answer may surprise you - 0.19 milliseconds. For comparison, the duration of blinking is on average 100–150 milliseconds.

Combining several types of characters (lowercase and uppercase letters, digits, and special symbols) is an extremely effective way to make your combination of characters stronger and increase the cracking time from milliseconds to millennia.

This method will increase the maximum time of cracking the password “Password123” to 41 years. If you add “/” or any other special character, this time increases to 63 thousand years. Impressive, isn't it?

[media-item id="9406"]

Fun fact: It would take a computer about 7 quadrillion years to crack the password “i_L0v3_P@$$w@rD3n!” with a brute force algorithm. It could be a good example of a strong password… If only we didn’t make it available for everyone to see… Oops...

But, how to protect yourself from a brute force method? What is more efficient, a short combination with several types of characters or a long one that consists of letters only? Let’s get this over with!

It becomes obvious that the longer the password is, the more combinations there are to check and the more time this process takes. Thus, it makes sense to create long combinations. However, we highly recommend you not neglect password strength and still use different types of characters.

It is also worth mentioning Moore's law. It states that the CPU and GPU double in speed and capability about every two years. Thus, the time to crack a password is also halved. It means that it would take 12 decades today, it would take 6 decades in 18 months, 3 decades in 36 months, and so on.

That’s why you should set up strong and unique passwords and change them from time to time. The recommended frequency of password changes ranges from every 30-90 days to every 1-2 years. That’s how you can make brute force algorithms less effective. 

Brute force methods usually rely on weak passwords and inaccurate network management. Luckily, these two aspects can be improved to prevent network or website vulnerabilities. For example, the usage of strong passwords and enabling two-factor authentication can help to protect yourself from brute force methods and prevent brute force attacks.

How to create a strong password

 As it was mentioned before, it’s better to create long passwords with different types of characters. But that is not the only rule you should follow.

For instance, the password “John-1984” has 9 characters and consists of uppercase and lowercase letters, digits, and special symbols. But it isn’t strong enough, because it contains personal information.

To protect from brute force methods of attacks, you should create a reliable password. To be sure it won’t be compromised, check out these simple tips for creating a strong password.

If you need any help to create a password that meets all security requirements, our reliable password managers with the random password generator feature are at your disposal! Generate strong passwords with ease, immediately save them to the encrypted data storage, and you’ll never wish to create passwords yourself!