How Long It Would Take A Hacker To Brute Force Your Password In 2022, Ranked

 2 years ago
source link: https://digg.com/technology/link/how-long-it-takes-to-get-password-hacked-1IvDFspF6p


HACK TO THE FUTURE

Submitted by Adwait

3 days ago

According to Hive Systems, your passwords should be at least 18 mixed-up characters for maximum security. Here's how long it would take a hacker to work through the possible combinations before guessing your password.

Cyber security company Hive Systems crunched the numbers and computed how long it would take hackers to brute force their way into your password, based on the character length and complexity (case, numbers and symbols). Here's what they found.

Read their methodology here.

Comments

  1. Can I get a round of hands how many people got logged out of gmail never to get back in?

  2. If only one machine. But brute force attacks today use the computing power of hijacked/bot machines. It's easy to break a 20x100 chars password (length x wide, wide is the total number of chars to be tested).
    Up to 10 million hijacked machines can be easily rented. Some of them are rented by the hour. GC and AWS send hi.
    So doesn't matter. Key is the length. The shortest dies first. In some cases it's interesting up to 50% cracked passwords, others, only 0.1%.

  3. This is an oversimplification.

    P@ssword123456789 would not take any hacker 7tn years to crunch. Most common modern techniques use dictionary attacks these days, so they look at a database of a bunch of leaked passwords and then they input the website's criteria for a good password and start the guessing from most common to least.

    That password would take about 4 minutes to guess.

  4. S5 Od

    3 hours ago

    My password is 26 plus 28 long.
    Even if you see my password... you cannot retype it.
    Even keyloggers won't affect it... because your eyes and brain will just be confused seeing it.

  5. https://s.y1h1.com/s/064a5c61

  6. I have way more than 18 characters in my passwords, so that means I'm safe

  7. And what if you get keylogged? No need for figuring out your password then!

  8. Charlie B

    4 hours ago

    This is so incredibly outdated it's not even funny. Too many factors in recent years have lowered all of these numbers significantly. And as others have said, the sheer fact that passwords can be circumvented makes them almost irrelevant anyway. We need to move on from passwords to something more secure and more useful.

  9. Dave Beer

    5 hours ago

    If a site only md5's their passwords, they have bigger issues... Uniquely salted 10k iteration pbkdf2 perhaps would be a different story.

    I'm not sure the point past clickbait. Better would be education on password hygiene.

  10. Rob Norris

    14 hours ago

    I have 30 to 40 characters with num letters symbols

  11. Article is clickbait created by a company which appears to be barely competent in actual password security what the application thereof.

  12. It would have been a better article if they explained how they get your password to brute force attack. I am not an expert but the idea is that a site is hacked and they are able to obtain a file with hashed (encrypted) passwords. No one is trying to break your password, they are running a script on the file that tries all the combinations and cracks the easy ones first. Then they would do another pass with a more detailed algorithm. At some point they have hacked a lot of the passwords and they will stop because it is just not worth the time and effort to get more because they can get another file from another hack. Your goal, imo, is to outlast what they consider a reasonable time and reasonable number of passes. No hacker will spend years or even months trying to crack a password because eventually the hack will be found and people will be notified and the smart ones will change their password.

    I use upper case and lower case and symbols and numbers in a phrase that I know and it is usually between 12 and 20 characters. The longer ones are for the more sensitive accounts.

    I never reuse a password. I also use a password manager that watches sites I have saved and informs me if there is a hack so I can modify my password.

    1. A hashed password is not encrypted… it’s hashed.

      The hashes on their own are useless… weak hashed passwords can be compared against a rainbow table. Otherwise assuming the hash didn’t get salted now you’ll also know which users have the same password, which are likely the easiest ones to brute force.

      If the hash was salted… and you don’t know what the salt is, it’s pointless to even try to figure out the passwords.

      The way people get the credentials compromised for the most part is…

      1- phished
      2- site with weak hash that got compromised
      3- site storing passwords in plain text 😱 that got compromised
      4- stupid password

  13. Well then I am good, been using a password format that surpasses this chart during the days of BBSs on dialup modems.

    Lol

  14. Allen Day

    17 hours ago

    Yes, brute force attacks can't use the host as an attack platform. The hackers start out with the hashed password they stole or bought. Of course every advocate for obnoxious passwords fails to mention the ill-gotten hashed content up front.

  15. Oded Arbel

    17 hours ago

    "correct horse battery staple" would take how long to brute force in 2022? Are spaces considered "symbols"?

    Any password I've created since 16th April 2014 is completely off of this unuseful chart.

  16. Allen Day

    17 hours ago

    What a load of nonsense. Two rules to never forget. First a security chain is only as strong as its weakest link. Second no one remembers a lengthy password with no dictionary words, special characters, and numbers that isn't reused in other venues.

    Longer and more complex passwords only increase risk after a certain point. Cut and paste, password managers, post-it notes, reusing passwords they are all methods often employed by people with too many password requirements. This nonsense is much like putting a giant impenetrable lock on a house with tons of windows. A long obnoxious overly complicated password simply just isn't the only way in.

  17. Merry

    18 hours ago

    I wonder how much faster they could crack your password now that they know it's exactly 12 characters and contains numbers letters and special characters?

  18. Iain

    18 hours ago

    You know that these figures are the longest it will take, they could get lucky after 10 minutes for all password lengths.
    Just putting that out there to make you aware that not even an 18 char password with upper, lower, numerals and a symbol is 100% secure.

  19. Turn on your 2 Factor / multiple factor authentication, and that includes biometrics etc. Because real hackers can easily trick you into downloading keyloggers and other malware. I had once found a keylogger device on my elderly mom's line installed by the internet tech who worked for the phone/ISP company! So your password is one aspect of adding a little extra layer of security.
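
Several comments above contrast unsalted MD5 with uniquely salted, 10k-iteration PBKDF2, and point out that a password found in a leaked list falls to a dictionary check regardless of its length. The following Python sketch is an added example, not code from the article, Hive Systems or any commenter; the wordlist, account names and function names are constructed for illustration. It shows a defender-side audit of both storage schemes.

```python
import hashlib, hmac, os

# Constructed sample data: a tiny "leaked password" wordlist and three accounts.
WORDLIST = ["123456", "password", "P@ssword123456789", "qwerty"]
ACCOUNTS = {"alice": "P@ssword123456789", "bob": "P@ssword123456789",
            "carol": "xK9#vQ2mLp7!wRt4Zs"}

def md5_store(password):
    """Unsalted, single-round MD5: the weak scheme the comments warn about."""
    return hashlib.md5(password.encode()).hexdigest()

def pbkdf2_store(password, salt=None, iterations=10_000):
    """Uniquely salted PBKDF2-HMAC-SHA256; the record keeps salt and cost."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, iterations, digest

def pbkdf2_verify(password, record):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)  # constant-time comparison

def shared_hashes(table):
    """Group users whose stored value is identical (visible password reuse)."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def audit_md5(table, wordlist):
    """Without salt, hashing each word once checks every account at the same time."""
    lookup = {md5_store(w): w for w in wordlist}
    return {u: lookup[h] for u, h in table.items() if h in lookup}

def audit_pbkdf2(table, wordlist):
    """With per-user salt, every (account, word) pair costs a full PBKDF2 run."""
    found, work = {}, 0
    for user, record in table.items():
        for word in wordlist:
            work += record[1]  # count hash iterations spent on this guess
            if pbkdf2_verify(word, record):
                found[user] = word
                break
    return found, work
```

Salting and iterations raise the cost per guess and hide reuse, but the 17-character wordlist password is still found in both audits, while the random 18-character one is not.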

