
How long does it take a cybercriminal to crack your password? Find out here!

If we had to pick the most basic cyber hygiene tip, we would certainly go with the classic: use a strong password. Even Internet users with little knowledge of information security know that passwords are the main line of defense in protecting your online identity from unauthorized access.

But did you know passwords weren’t originally created as a highly secure authentication method? The truth is, when computer engineer Fernando Corbató created this type of login method, back in the early days of computing, he was only looking for a simple way to allow multiple people to use the same computer and to separate their work into areas secured with different passwords.

Even Corbató, back in 2014, stated that “passwords have turned into a nightmare on the web” since they were never intended as a reliable authentication method. Even so, despite the fact that we now use multi-factor authentication, the traditional method of using passwords continues to play a vital role in our daily lives. The question is: how quickly can a criminal crack the combination you created?

From 0 to 100 in 1 second!

The answer depends on the complexity of your password. In a brute force attack, cybercriminals use automated software that tries combinations of numbers, letters, and symbols at an absurd speed until one of them is accepted as the login.

In early 2022, the website "How Secure is my Password" ran a series of calculations to estimate how long it would take an attacker to guess a password according to its complexity. Here are some examples:

  • 5 characters, mixing numbers, letters (uppercase and lowercase), and symbols: instantly

  • 7 characters, mixing numbers, letters (uppercase and lowercase), and symbols: 6 minutes

  • 9 characters, mixing numbers, letters (uppercase and lowercase), and symbols: 3 weeks

And if you only use numbers and uppercase and lowercase letters?

  • 6 characters: 1 second

  • 7 characters: 1 minute

  • 8 characters: 1 hour

See how important it is to have a strong password? Ideally, your password should be at least 12 characters long, mixing uppercase and lowercase letters, numbers, and special symbols. This way it would take a cybercriminal about 34,000 years to crack it! That’s enough to discourage any cybercriminal, right?
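The arithmetic behind figures like these, as an added example that is not from the original article or from the site it cites: the number of candidates is the alphabet size raised to the password length, divided by the attacker's guessing speed. The guess rates and sample passwords below are assumptions constructed for illustration; the article does not state the rate its figures use, so the output will not match its numbers exactly.

```python
import string

# The four character classes the article mixes (printable ASCII only).
CLASSES = {
    "lower": string.ascii_lowercase,   # 26
    "upper": string.ascii_uppercase,   # 26
    "digit": string.digits,            # 10
    "symbol": string.punctuation,      # 32
}

def alphabet_size(password):
    """Size of the combined alphabet of every class the password draws from."""
    known = "".join(CLASSES.values())
    if not password or any(c not in known for c in password):
        raise ValueError("empty password or character outside the four classes")
    return sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))

def keyspace(length, alphabet):
    """Number of candidates of exactly `length` characters."""
    return alphabet ** length

def worst_case_seconds(length, alphabet, guesses_per_second):
    """Time to exhaust every candidate from 1 up to `length` characters."""
    total = sum(keyspace(n, alphabet) for n in range(1, length + 1))
    return total / guesses_per_second

def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

if __name__ == "__main__":
    # Assumed attacker speeds (guesses per second); the article does not state one.
    rates = (1e6, 1e9, 1e12)
    # Constructed sample passwords, not real credentials.
    samples = ("aB3xY9", "aB3xY9qT", "a!3xY9q", "a!3xY9qT#k2&")
    for pw in samples:
        size = alphabet_size(pw)
        times = [humanize(worst_case_seconds(len(pw), size, r)) for r in rates]
        print(f"{len(pw):>2} chars, alphabet {size}: " + " | ".join(times))
    # This is an upper bound: it only holds for randomly chosen passwords.
```

Each extra character multiplies the work by the alphabet size (62 or 94 here), which is why length moves the estimate far more than any single added symbol.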

A strong password is a complex password

That said, let's go back to the point that all security experts agree on: the best password is the one you can't remember. That is why it is very important that you rely on a dependable password manager. 

If you still insist on trying to create a secure password that you can remember, you can use a simple tactic: think of a phrase that is easy to remember, take the first letter of each word in the phrase, and add numbers and at least one symbol in between, aiming for at least 12 characters.


Article originally written in Portuguese by Perallis Security Content Team: Quanto tempo um criminoso demoraria para quebrar sua senha? Confira! — Perallis Security