How long does it take a hacker to crack a password in 2024?

Updating your password to be longer and contain a mix of letters, numbers, and symbols can increase the time it takes a hacker to crack it even as password encryption measures improve, according to the IT firm Hive Systems.

The company released its 2024 password table which displays the time needed to hack a password using the best consumer-accessible hardware. The table is updated every year.

Many websites currently require a password of at least eight characters with a mix of letters, numbers, or symbols, but we might be due for an upgrade, experts say, as a longer password offers a significantly larger pool of possible combinations for hackers to guess through.

For a simple eight-character password composed only of numbers, just 37 seconds are needed to crack it using brute force, a method that employs trial and error by trying as many combinations as possible. If the number of characters is doubled, a hacker would need 119 years to determine it.

Experts advocate for longer passwords even if they are simpler. An eight-character password mixing numbers with upper and lowercase letters and symbols requires seven years to be cracked, which is still less time than what is needed to crack a 16-character password only made of numbers.

The time it takes to crack a password was longer in this year’s table as the firm analysed a more robust password encryption method.

They warned, however, that the increased time to crack a password “likely won’t last as computing power increases in the coming years”.

The passwords tested by Hive Systems are also randomly generated.

If a password has been previously stolen, uses dictionary words, or if it has been reused between websites, the time needed to crack it drops dramatically.

New safety features are increasingly required

If you want to test the strength of your passwords, the website How secure is my password?, as the name suggests, can tell you if you need to change it.

While longer passwords offer better protection, managing them can be a challenge, which is why password managers that securely store and encrypt login credentials, are a popular solution.

In addition, a password manager favours using unique, complex logins which limit the security exposure in case of a data breach.

Even if your password is weak, websites usually have security features to prevent hacking using brute force like limiting the number of trials.

Portals leading to sensitive information also often use an additional layer of security such as two-factor authentication to prevent fraud.

While frequent password changes were previously advised, experts now emphasise creating strong, unique passwords and sticking with them unless they are compromised.

This approach is considered more effective than frequent modifications, which can lead to weaker passwords and reusing similar ones.