One of the security recommendations we give frequently is to have strong, unique passwords for each of your online accounts and a new table of password data from the cybersecurity firm Hive Systems demonstrates exactly why this is such a cornerstone of internet safety.
The table shows exactly how much time it would take for hackers to brute force their way into an account depending on the number of characters, and the combination of numbers, upper and lowercase letters and symbols used in a password.
Due to the increased use of artificial intelligence and other sophisticated methods currently being employed by threat actors, hackers can break into many passwords almost instantly. Any password combination that only contains four characters doesn't stand a chance, and any password that doesn’t also use symbols are easy targets for hackers
The strongest options are longer, very complex passwords that are between 14 and 18 characters that also contain a variety of numbers, upper and lowercase letters and symbols. These passwords could take potentially billions of years to crack according to the password table.
The password table does assume that the hackers in question are working from a “black box” situation where they are starting from scratch to crack your password, which would show the maximum amount of time. If your password has been reused on other sites, or compromised in a previous data breach, it is obviously much easier to crack.
According to Cloudflare, 41% of people used compromised passwords to log into an online service, like their email or a social media account between September and November of last year. If you’re not sure if yours has been compromised or leaked, you can find out by using Cybernews' Leaked Password Checker and other similar tools available online.
How to create stronger passwords
First, use the Leaked Password Checker to see if any of your current passwords have been breached and if they have, update them immediately. If you’ve been reusing passwords across sites, now is the time to stop doing that altogether and change those as well. It’s a bad habit and it’s putting you – and your accounts and data – at risk.
If you’re going to stick to creating your own passwords, make sure you follow the recommendations of the Hive Systems password table: 14 to 18 characters long, with numbers, upper and lowercase letters and symbols. Many people like to use a phrase or a sentence to help them remember their passwords too.
If you don’t want to remember all of your passwords, you can save yourself the hassle by getting one of the best password managers which will help keep your accounts protected by giving you a place to securely store all of your credentials. Some online accounts will also let you set up a passkey or use a biometric login as well.
From here, you want to make sure you know the common signs of phishing scams and don’t share your passwords with anyone – especially not over social media, the telephone or in unexpected emails or texts. Most companies will never ask for your password and you should be suspicious of anyone who requests it.
Lastly, enable multi-factor authentication on all of the accounts you can; it can make a huge difference in keeping them and the data they contain protected if all else fails.
More from Tom's Guide
- Help Tom's Guide - your chance to win a $250 Amazon gift card
- Subscription scams surge across hundreds of fake websites — how to stay safe
- AirPlay flaw exposes all Apple devices to hacking over Wi-Fi — what you need to know
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
