Published 15:27 10 Mar 2022 GMT

Experts Explain How Long It Would Take Hacker To Crack Your Logins

It turns out that having six characters as your password means it could be easily hackable

Anish Vij

Experts have revealed just how easy it is for people to hack your password.

Many of us perhaps think the foolproof 'password' or '123456' is enough to bypass the mischievous internet nerds.

Well, it turns out, passwords even more complex than the ones above are also pretty easy to break in to.

According to new research, any variation of a six figure password can be cracked instantly.

Advert

Even an eight figure character combo can be guessed in roughly 39 minutes, according to cybersecurity company Hive Systems in Richmond, Virginia.

An eight figure password could be guessed in roughly 39 minutes.

Alamy

Although, if you want to be super safe, an 18 character password won't be cracked for around 438 trillion years - as long as it includes some numbers, symbols and a mix of upper and lowercase characters of course.

I mean, unless you want to be writing an essay every time you log in, it turns out that a strong 11 character password would be cracked within some 34 years, which seems like a happy medium.

The company said its data was 'based on how long it would take a consumer-budget hacker to crack your password hash using a desktop computer with a top-tier graphics card'.

Advert

"If you use the same password on multiple sites, you're in for a bad time," Hive Systems wrote.

Hive Systems

The company also discussed 'hashing', which is a term referring to a scrambled version of text that sort of reconfigures it.

Basically, if the word 'password' is hashed, the output would be 5f4dcc3b5aa765d61d8327deb882cf99.

Long story short, passwords saved on websites, are stored in servers as hashes, as opposed to plain text passwords.

Advert

The hash is impossible to reverse so all hackers will see is the jumbled up reconfiguration.

However, hackers will then make a list of all of the characters on your keyboard and then that's where the hashing begins.

They will then compare their list of hashes with the stolen password and then they're able to figure out your login.

Seems like a lot of work, but it's definitely not uncommon.

"We reviewed password data breaches from 2007 to present, reported through HaveIBeenPwned, to see what attackers have actually been trying to crack and whether that changed over time," Hive Systems said.

Advert

"Generally speaking, website logins that people probably care less about, like forums and restaurants, used and continue to use MD5 and SHA-1.

"That is a pretty big deal assuming people reuse the same passwords on more concerning sites like banking, government, private messaging, email, and social media."

Featured Image Credit: Alamy

Topics: Technology

Anish Vij

Anish is a Journalist at LADbible Group and is a GG2 Young Journalist of the Year 2025. He has a Master's degree in Multimedia Journalism and a Bachelor's degree in International Business Management. Apart from that, his life revolves around the ‘Four F’s’ - family, friends, football and food. Email: [email protected]

@Anish_Vij

Home> News

Published 15:27 10 Mar 2022 GMT

Experts Explain How Long It Would Take Hacker To Crack Your Logins

It turns out that having six characters as your password means it could be easily hackable

Anish Vij

Experts have revealed just how easy it is for people to hack your password.

Many of us perhaps think the foolproof 'password' or '123456' is enough to bypass the mischievous internet nerds.

Well, it turns out, passwords even more complex than the ones above are also pretty easy to break in to.

According to new research, any variation of a six figure password can be cracked instantly.

Advert

Even an eight figure character combo can be guessed in roughly 39 minutes, according to cybersecurity company Hive Systems in Richmond, Virginia.

Alamy

I mean, unless you want to be writing an essay every time you log in, it turns out that a strong 11 character password would be cracked within some 34 years, which seems like a happy medium.

The company said its data was 'based on how long it would take a consumer-budget hacker to crack your password hash using a desktop computer with a top-tier graphics card'.

Advert

"If you use the same password on multiple sites, you're in for a bad time," Hive Systems wrote.

Hive Systems

The company also discussed 'hashing', which is a term referring to a scrambled version of text that sort of reconfigures it.

Basically, if the word 'password' is hashed, the output would be 5f4dcc3b5aa765d61d8327deb882cf99.

Long story short, passwords saved on websites, are stored in servers as hashes, as opposed to plain text passwords.

Advert

The hash is impossible to reverse so all hackers will see is the jumbled up reconfiguration.

However, hackers will then make a list of all of the characters on your keyboard and then that's where the hashing begins.

They will then compare their list of hashes with the stolen password and then they're able to figure out your login.

Seems like a lot of work, but it's definitely not uncommon.

Advert

"Generally speaking, website logins that people probably care less about, like forums and restaurants, used and continue to use MD5 and SHA-1.

"That is a pretty big deal assuming people reuse the same passwords on more concerning sites like banking, government, private messaging, email, and social media."

Featured Image Credit: Alamy

Topics: Technology

Anish Vij

@Anish_Vij