This Is How Secure (or Insecure) Your Password Really Is

November 7, 2023 / meritsolutions

A secure password is key to protecting your business from would-be hackers. However, your “secure” password might be weaker than you think. It’s possible to crack an eight-character-long password in 22 minutes, while a six-character password can be hacked instantly. Here’s why.

You might think your password is too personal, too random, something you’ve never told anyone before. How could someone guess that password, let alone guess it so quickly?

The reason is that it’s not a person guessing your password; it’s a computer. A hacker will use a technique called “brute-force” to try a giant list of possible passwords against your credentials. Theoretically, with enough time, any password can be cracked this way. The question is how long it will take to crack yours.

If your password is strong enough, it won’t matter that a computer could brute-force your credentials, since the amount of time it would take would be off the charts. The Cyber Nation has a handy infographic that shows this in action. Down the left side of the chart is the number of characters in the hypothetical password; across the top is how varied that password is: “Numbers Only,” “Lowercase Letter,” “Upper and Lowercase Letters,” “Numbers, Upper and Lowercase Letter,” and “Numbers, Upper and Lowercase Letter, Symbols.”

A quick look at the chart shows that the more varied your password is and the more characters it has, the stronger it is. A long password made only of numbers isn’t particularly helpful, since you need at least 17 characters before you even force the computer to take longer than 2 days to crack the password.

Just having a password with numbers, upper and lowercase letters, and symbols isn’t good enough either, since if it’s too short, a computer would be able to guess it instantly.

That’s why a combination of both is the sweet spot — you want your password to fall somewhere in the yellow or green territories. Those zones force a computer to take way too long to guess your password. I mean, 51 years is probably too long to expect a hacker to try to break into your account. How about 800,000 years? Seven quadrillion years? Those sound good to me.

Take a look at your password, then compare it to where it belongs on the chart. If your password is something like Aruba994, that would take roughly an hour to crack. Not so secure. However, a password like @rrUb_atr!p1994 would take 15 billion years to break. I certainly wouldn’t have the patience to wait that long.
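The arithmetic behind a chart like the one described above, as an added example that is not from the original article: it counts the candidates an exhaustive search must try for a given length and character mix, then converts that to a worst-case duration. The guess rate and all function names are assumptions; the article does not state the rate behind its figures, so the durations printed here will not match the infographic.

```python
import string

# Assumption: attacker speed in guesses per second. The article does not state
# the rate behind its chart, so the durations here differ from its figures.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Character classes matching the chart's columns (symbols = ASCII punctuation).
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)

def alphabet_size(password):
    """Smallest alphabet, built from whole classes, that covers the password."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in password))

def keyspace(length, alphabet):
    """Candidates to try when searching every password of 1..length characters."""
    return sum(alphabet ** n for n in range(1, length + 1))

def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Time to exhaust the keyspace; the average hit comes at about half this."""
    return keyspace(len(password), alphabet_size(password)) / rate

def humanize(seconds):
    """Render a duration the way such charts do, from 'instantly' up to years."""
    if seconds < 1:
        return "instantly"
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:,.0f} seconds"

def chart(lengths, rate=ASSUMED_GUESSES_PER_SECOND):
    """Rows are lengths; columns are the five widening character sets."""
    columns = (10, 26, 52, 62, 94)
    return {n: [humanize(keyspace(n, a) / rate) for a in columns]
            for n in lengths}

if __name__ == "__main__":
    for n, row in chart((6, 8, 12, 17)).items():
        print(f"{n:>2} chars: " + " | ".join(row))
    # The two sample passwords from the article, at the assumed rate.
    for pw in ("Aruba994", "@rrUb_atr!p1994"):
        print(pw, alphabet_size(pw), humanize(worst_case_seconds(pw)))
```

These are exhaustive-search bounds only; a password built from dictionary words or reused from a breached site can fall far sooner than its length and character mix suggest.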

Cover photo by Sora Shimazaki/Pexels
