Having to come up with a password that matches the symbol requirements for every site can be a hassle, but there’s good reason for it.
Of course, the more your password has, the longer it takes for a hacker to figure it out.
But it’s even more specific than that in terms of how long it would take to guess, according to cybersecurity firm Hive Systems Password Table.
For example, a password with five characters using numbers, upper and lowercase letters would take a hacker just two hours to discover it. However, a password with 18 characters using numbers, symbols, upper and lowercase letters would take 463 quintillion years.
The password table was first designed in 2020 to show how fast a hacker can “brute-force” your password based on data from Howsecureismypassword.net.
They started by looking at the strength of a hashed password against a hacking attempt based on length, complexity, hashing algorithm used by the victim and hardware used by the attacker.
A “hashed” password is a scrambled version of text that can be reproduced if you know what hash software was used.
The experts at Hive Systems analyzed password data breaches from 2007 to now reported by HaveIBeenPwned.
The table focuses on the concept that the hacker is working in a “black box” situation, starting from scratch to hack the password.
This shows the “worst case” or “maximum time required” to do the hacking.
Most hackers, according to the blog post, prioritize the words and strings of characters that they’ll focus on first through previously stolen hashes, dictionary attacks and rainbow tables.
If your password was part of a previous data breach or uses words in the dictionary, then a hacker can figure out your password — no matter how many characters, symbols or numbers used — instantly.
They noted that these metrics go off the assumption that your password has not been part of a breach in the past.
Hackers will often try hashes of all common and breached passwords before even thinking about moving on to new ones.
