Well, if it’s 7 characters long or less then it will take around 10 seconds or less to crack!

I want to show you how short passwords can be cracked in a very short time frame. According to a Sophos blog, a $20,000 computer, which criminals could easily afford and would buy, can try a mind-boggling 100 billion passwords a second!

Yes, 100,000,000,000 passwords a second. A 1 with 11 zeros after it… This is a mind-bogglingly large number.

You might be thinking that it must be impossible to create a password that can’t be cracked. Carry on reading and at the end I’ll show you a method of how to create a strong password that can’t be cracked and is also easy to remember.

The science behind cracking a password

A password can comprise the following:

  • 26 lower case letters
  • 26 upper case letters
  • 10 numbers (0,1,2,3…8,9)
  • 32 special characters (! ( { ; : # & * ? > < . _ + etc.)

This gives a total of 94 possible characters.

If your password comprises just 1 character it will take me up to 94 attempts to guess your password. I’d start with a, then b, then c, all the way through to z, then A-Z, then the numbers and then all the special characters. Eventually I would work out your password.

If your password comprises 2 characters I would start at aa, ab, ac,…,ay, az, a1,…, a9,…, a%,…,ba, bb,…, b8 etc. There are now a total of 8836 different combinations. If I do it manually it’s going to take me quite a long time but I can easily write a computer program to go through all the different combinations very quickly.

The table below shows how long it will take a supercomputer that can go through 100 billion permutations per second to crack passwords of different lengths.

As you can see, if your password is less than 8 characters it’s going to be cracked in less than an hour.

However, notice how much longer it takes by just increasing the length of your password by 1 character. An 8 character password will take around 17 hours but a 9 character password will take 66 days.

This is why we recommend your passwords should be at least 10 characters long.

Dictionary attacks

Criminals are sophisticated animals and will use many methods to try and crack passwords. One trick is to use dictionary attacks. There are around 250,000 words in the English dictionary. So a criminal will just input every word in the dictionary until one works as your password. For a supercomputer, cycling through 250,000 words isn’t going to take very long at all.

You may be thinking that the extra numbers you add on the end, e.g. Goldfish84, will make it harder. It is a bit harder but it’s the equivalent of going from a 2 character password to 3 characters. The time taken to crack is minimal!

And changing letters for numbers or characters doesn’t help much either. For example, changing ‘a’ to @, ‘i’ to 1, ‘s’ to 5. This gives passwords such as Goldf15h or P@55word. Criminals are well aware of these tricks people use so they modify their password cracking programs to go through all the common iterations.
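The arithmetic from both sections above, as an added example that is not code from the original article: it compares the brute-force search space with a dictionary-based estimate for the passwords the article mentions. The two-word list, the function names and the guess-count model (lower-case or capitalised word, times substitution variants, times digit suffixes) are assumptions made for illustration.

```python
CHARSET = 94               # 26 lower + 26 upper + 10 digits + 32 specials (from the article)
RATE = 100_000_000_000     # guesses per second quoted in the article
DICTIONARY_SIZE = 250_000  # English word count quoted in the article

# Constructed sample wordlist; a real strength checker would load a full dictionary.
WORDS = {"goldfish", "password"}
# Substitutions the article mentions: 'a' -> @, 'i' -> 1, 's' -> 5 (reversed here).
UNLEET = str.maketrans({"@": "a", "1": "i", "5": "s"})


def brute_force_guesses(length):
    """Worst-case guesses to try every password of exactly `length` characters."""
    return CHARSET ** length


def dictionary_guesses(password):
    """Worst-case guesses under the assumed dictionary model, or None when the
    password is not a dictionary word plus substitutions and trailing digits."""
    best = None
    trailing = len(password) - len(password.rstrip("0123456789"))
    # A trailing digit may be a suffix or a substitution, so try every split.
    for suffix_len in range(trailing + 1):
        stem = password[:len(password) - suffix_len].lower().translate(UNLEET)
        if stem not in WORDS:
            continue
        subs = sum(stem.count(c) for c in "ais")  # letters that could be swapped
        # Assumed model: every word, 2 capitalisations, each swappable letter
        # on or off, and every digit suffix of this length.
        guesses = DICTIONARY_SIZE * 2 * 2 ** subs * 10 ** suffix_len
        best = guesses if best is None else min(best, guesses)
    return best


def seconds(guesses):
    """Time to exhaust `guesses` at the article's quoted rate."""
    return guesses / RATE


if __name__ == "__main__":
    for pw in ("Goldfish84", "Goldf15h", "P@55word", "x7#Lq!2v"):
        brute = seconds(brute_force_guesses(len(pw)))
        dic = dictionary_guesses(pw)
        dic_text = "not dictionary-derived" if dic is None else f"{seconds(dic):.6f} s"
        print(f"{pw:12} brute force: {brute:,.0f} s   dictionary: {dic_text}")
```

Under this model Goldfish84 needs at most 200 million dictionary guesses, a fraction of a second at the quoted rate, even though its 10-character brute-force space would take years to exhaust.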

How to create strong but memorable passwords

I fully realise that a lot of people struggle to create and remember long passwords. But there are simple methods which make it easy and I have written a post on how to do it – How to create a strong and easy to remember password