If your passwords are less than 8 characters long, change them immediately, a new study says

Short and simple passwords can be cracked in a matter of seconds. Long and complicated ones? Trillions of years.

That’s according to a recent study from Hive Systems, a cybersecurity company based in Richmond, Virginia, which breaks down just how long it would likely take the average hacker to crack the passwords safeguarding your most important online accounts.

The findings suggest that even an eight-character password — with a healthy mix of numbers, uppercase letters, lowercase letters and symbols — can be cracked within eight hours by the average hacker. Anything shorter or less complex could be cracked instantly, or within a few minutes, by any hacker who knows what they’re doing, even if they’re only using fairly basic equipment.

Meanwhile, a password that’s 18 characters in length – and which uses a mix of numbers, lowercase and uppercase letters, and symbols – could take up to 438 trillion years for the average hacker to crack, according to Hive Systems.

The findings back up the advice of experts like the National Institute of Standards and Technology, which also suggests choosing long, complex passwords with at least eight characters.

For the study, Hive Systems ran tests to determine how quickly the average hacker – meaning someone using consumer-grade equipment, including a desktop computer with “a top-tier graphics card” – can crack passwords of different lengths and complexities.

In a blog post, company researchers explain how the process of cracking your passwords can work. It starts with a process called “hashing,” an algorithmically driven process websites use to disguise your stored passwords from hackers.

If you plug the word “password” into one commonly-used hashing software, called MD5, you’ll get this string of characters: “5f4dcc3b5aa765d61d8327deb882cf99.” The idea is that if hackers break into a website’s server to find lists of stored passwords, they’ll only see hashed jumbles of letters and numbers.

You shouldn’t, of course, use “password” as your password. In fact, it’s one of the most common passwords that end up leaked on the dark web.

Hashed passwords are irreversible, because they’re created with one-way algorithms. But hackers can make lists of every possible combination of characters on your keyboard, and then hash those combinations themselves using the most commonly-used software programs. At that point, hackers only have to search for matches of the hashed passwords on their list to determine your original passwords.

It’s a complicated process, but one that can easily be pulled off by any knowledgeable hacker with consumer-grade equipment, Hive Systems notes. That’s why your best defense is using the sort of long, complicated passwords that take the longest to crack.

The report also strongly recommends not recycling passwords for multiple websites. If you do that, and hackers are able to crack your password for one website, then “you’re in for a bad time,” the company writes.

Understandably, you might not want to remember 18-character passwords each time you log into an online account. After all, a password that takes trillions of years to crack isn’t very useful if it also takes you a few million years to remember.

But even a password with 11 characters – again, using a mix of numbers, uppercase and lowercase letters, and symbols – could still take hackers 34 years to crack, Hive Systems estimates. And that’s certainly better than eight hours or less.

No Comments

Sorry, the comment form is closed at this time.

This includes online and email print job submissions as well as in-store face to face operations. We endeavour to continue to provide our services to you whilst adhering to all safety precautions.
We are open.
Yes!
Our on-premises warehouse is still operating, also via courier collection/delivery only.

IT SUPPORT SERVICES ARE STILL OPERATING AS USUAL.

IT Support
[email protected] / 08 7071 3412

Our sales team are working remotely and can be contacted on the details listed below.

Customer Support
[email protected] / 08 7071 3411

Administration Team
[email protected] / 08 7071 3414
[email protected] / 08 7071 3415

Stay safe.
Please note that due to current SA restrictions, print jobs are operating via courier delivery only.
COVID Update

IT support services will be operating as usual during this time and can be contacted on
08 7071 3412 or at [email protected]

We thank you for your continued support and look forward to working with you in the new year.

Stay safe and well.
The Aish office will be closed from COB Friday December 22nd and re-opening on Monday January 8th 2023.
Christmas Closure

IT support services will be operating as usual during this time and can be contacted on
08 7071 3412 or at [email protected]

We appreciate your understanding and thank you for your continued support.

Stay safe and well.
The Aish office will be closed on Thursday April 25th and Friday April 26th. Re-opening Monday April 29th.
ANZAC Closure