In the battle against hackers, one of the most fundamental lines of defense remains the strength of your password. However, all of them can be discovered, however long they may be.
IT consulting firm Hive Systems has released its annual rankings analyzing password cracking times of varying lengths and complexities. The results clearly show that it is more essential than ever to ensure that you use long and complex passwords to stay ahead of increasingly powerful password analysis tools and techniques.
For the study, Hive Systems tested password cracking speeds against the bcrypt hashing algorithm, one of the most robust encryption standards in use today. They used equipment including 12 GeForce RTX 4090 GPUs from NVIDIA as well as processors designed for data centers.
Weakest passwords can be cracked instantly
The results clearly show that short, simplistic passwords offer virtually no protection against a brute force attack in 2024. An 8-character password consisting of only numbers could be cracked in just 37 seconds by exploiting the immense parallel processing power of Nvidia’s RTX 4090. If your password only includes 6 digits or only 4 lowercase letters, it can be discovered instantly.
Just extending this to a 16-digit numeric password increases the cracking time to 119 years. When you incorporate capital letters and symbols into an 8 character password, it would take hackers 7 years to work their way through all the potential combinations. This is what most websites generally recommend, but keep in mind that The more powerful the graphics cards become, the more the cracking time will be reduced.
Longer passwords take longer to crack
The news is even better for those who use longer passwords, in line with modern security recommendations. A password consisting of 12 random characters consisting of capital letters, numbers and symbols would take 164 million years to decipher by brute force methods.
“ These results highlight how essential it is to use passwords that are as long and complex as possible says Sharon Reynolds, principal security consultant at Hive Systems. “ While eight-character passwords may have been considered acceptable in the past, modern hardware makes these minimums rather ineffective against skilled attackers. “. If a hacker is well equipped and your password is short enough, they will have no trouble cracking it.
Of course, the analyzes assume a scenario in which hackers have already obtained the encrypted password hashes following a breach or leak. Reputable websites also implement additional protection measures, such as Limiting connection attempts, to discourage automated brute forcing.
So what is the solution for users who want to optimize the security of their passwords? Cybersecurity experts recommend using unique passwords of 16 or more characters that incorporate a truly random mix of upper and lower case letters, numbers and symbols.
This is why password management tools, which securely store and automatically fill in login credentials, have become so attractive. This helps avoid reusing the same weak passwords from one account to another, while allowing users to use passwords that are as strong as possible everywhere without worrying about forgetting them. The digital giants are also increasingly promoting more secure passkeys, which allow you to identify yourself with your biometric data.