Here’s How Fast Your Password Can Be Cracked

Posted: July 17, 2023

Weak passwords are one of the leading causes of cybercrime, identity theft, and data breaches. Sure, it’s easy to say it, but this time we wanted to demonstrate just how easy it is to crack a wimpy password. 

How Does One Crack a Password?

Hackers and cybercriminals have sophisticated tools to aid them. On top of that, they have plenty of useful knowledge on how the general public conducts themselves online.

Passwords, in particular, are a game of statistics. There are a handful of commonly used passwords that a cybercriminal can try first. These include things like the following:

  • 123456789
  • guest
  • qwerty
  • password
  • a1b2c3

These are among the most commonly used passwords in the world. Trying variations of these, or simply sticking an exclamation point or two on the end of them have a chance of getting into an account. In fact, it’s likely that somewhere between 10 and 20 percent of all accounts use a common password similar to this.

If we put ourselves in the shoes of a cybercriminal, or someone who just wants to be mischievous, then we can take that knowledge and optimize our approach for getting into any account.

We invest in a password-cracking tool. This might sound complicated, but all this kind of tool needs to do is produce a massive list of words and strings of characters. Basically, it runs through every word in the dictionary first in a few moments, and then starts sifting through variations and different combinations of letters, numbers, and symbols, starting with smaller strings of characters first.

Okay, maybe I made it seem complicated.

Imagine trying to get into your neighbour’s garage. They have a pin pad with the numbers 0-9 and an “enter” key on it. If you wanted to get into their garage, you would just need to try every single possible combination of numbers until you found the right one.

Just by law of averages and some educated guessing, you can assume that the pin for the garage is probably 4 or 6 digits, so you start with four.

You try the following:

  • 0000
  • 0001
  • 0002
  • 0003

And you keep going until you’ve reached 9999, or the door opens.

If the door doesn’t open, you try every 6-digit option. That’s 000000 through 999999. That will take you much longer to do. By now, your neighbour is probably outside in their slippers asking you to please stop, and the next time you want to borrow their hedge trimmer, you can just 

But a computer could, and a computer could do it very quickly.

That’s how a password-cracking tool works. That is why it is now recommended that we use 12-character passwords. 

Password Table

Source: Hive Systems

How Long Does it Take to Crack a Password?

Considering the fact that most cybercriminals are going to utilize tools that try the most common variations first, it could be instantaneous. Smaller, shorter, weaker passwords will only take a split-second to try. These tools can run through tens of millions of combinations in under a second. 

It certainly depends on the hardware, so we’re basing our numbers on a decently powerful laptop. Here’s how quickly a password can be cracked based on the number of characters in it, and based on the complexity:

So you can see that weaker passwords can be cracked instantly, or within a few seconds or minutes. Once passwords have more characters and more complexity, it becomes *virtually* impossible to crack within someone’s lifetime.

I say virtually, because if your password is long and complex, but it’s just a common variation that can be guessed or a variation that might be attempted early on, then it won’t take nearly as long. The password “Password12345!” might seem complex and long, and according to the chart would take a million years to crack, but since it’s just using some of the most commonplace password trends, it’s considered extremely weak.

This is why strong, unique passwords are so important. You should never use the same password twice, and you should always use passwords that are a minimum of 12-characters, complex, and don’t have guessable information in them (like birthdays, pet names, and other things like that).

And keep in mind, this is just using a commonly available tool on a commonly available laptop—more industrious cybercriminals might have access to more resources, such as botnets and cloud computing resources, and more advanced tools that can brute force password combinations at speeds hundreds or thousands of times faster.

In other words, always, ALWAYS use strong passwords! Contact us to learn how we can help better secure your business.

Other Articles

What is a Hybrid IT Support Model?
A hybrid IT support model combines in-house IT resources with external IT service providers to deliver comprehensive IT support. This...
Three Data Loss Stats to Consider
In 2024, several alarming data loss statistics have significantly impacted businesses, highlighting the critical need for robust data protection and...
How to Boost your Security Culture
Millions of people find themselves sitting in front of a computer moving files around, collaborating through email, or updating info...
How to Prevent Phishing
All businesses today are at risk of falling victim to email phishing attacks. A multi-layered approach to security that includes...