How long does it take to crack a password?

Constant news about corporate hacks might make you wonder, “how long does it take to crack a password?”, “Are my Google and Apple ID passwords safe enough?” The details may surprise you.

Explore how websites save your passwords and what you can do to protect yourself with the information below.

How Long Does It Take To Crack A Password?

If you stick with the old bad habits and have a weak password, it can be as quick as a few seconds. And hackers don’t even need a supercomputer to achieve that. This is the conclusion from Hive Systems, an American cybersecurity firm.

They ran a series of tests to see how long passwords of various strength degrees could hold up against hacking attempts. The first report was released in 2020, and Hive recently updated the results in March 2022.

A table showing the duration regarding how long does it take to crack a password of different strengths
Hive System’s password cracking results. Image: Hive System


To produce the above results, Hive System mimicked how a normal hacker would try to crack a password if they happened to obtain its “hash”.

Hashing is a security technique where the service provider takes your password and uses an algorithm to transform it to another random string. For the same algorithm, this code is unique for each password.

The provider doesn’t need to store your password to verify it. When you register an account, only the password’s hash value is saved. During the login process, the server will compare it with the hash value of the password you just entered. If they match, it means you have provided the correct credentials.

People create this mechanism to prevent the scenario where hackers obtain a database of passwords in plain text. These breaches happen on a regular basis. But thanks to hashing, hackers would have to “crack” them to know the real passwords.

Hashing functions are designed to make this process impossible or at least painfully slow. However, the actual time it takes to reverse a hash also depends on many factors. If the hacker gets lucky, they can decode your password within a few hours or even less.

A Facebook login form on a smartphone
Serious websites don’t save your passwords in plain text

For starters, not every hashing algorithm is the same. Some are weaker than others, meaning the passwords encrypted by them are more prone to hacking attempts.

MD5 and SHA-1 are infamous examples. Their creators designed these cryptographic functions a long time ago, back in the 1990s. Modern hardware has rendered them antiquated for hashing anything requiring protection against hacking.

However, many still use them for security applications, including password hashing. In 2012, hackers succeeded in breaking into LinkedIn’s network and stole millions of hashed passwords. Since LinkedIn only used SHA-1 to encrypt them, most of them could be quickly cracked within 72 hours.

Cracking Hashed Passwords

In its report, Hive System reviewed several data breaches and noticed that many systems, like restaurants and forums, still use SHA-1 and MD5.

A laptop with the "HACKED" text on its screen
Outdated algorithms make it easier to crack your passwords

Using brute force attacks, a high-end consumer graphics card can crack complex 8-character passwords encrypted by MD5 in 5 hours. For simple passwords that contain only numbers or lowercase letters, the results were almost instant.

Meanwhile, the same system would need 400 years to decode them if stronger hashing functions like bcrypt are in use. For a complex 12-character password, the duration Hive estimate is 14 billion years.

Make Your Passwords Harder To Crack With Locker

Locker is a feature-rich solution if you are worried about hackers targeting your passwords.

The built-in password generator is available in all plans. It takes care of the task of creating long and complex passwords for you.

By default, they have 16 characters, including digits, lowercase and uppercase letters, and symbols. But you can adjust and increase the complexity further anytime. As real-world tests have shown, using passwords provided by Locker will make your accounts much tougher to crack.

Even in the event of a data breach, it would need years and years to decode your hashed passwords. Most hackers would find this not worth their effort, leaving your accounts untouched.

The password generator of Locker
Locker can just not save, but also create strong passwords for you

The Locker team makes use of the strongest industry-standard hashing and encryption techniques to store your credentials. You won’t have to worry about anyone else, even Locker employees, looking at your passwords.

On top of that, the Premium plan comes with a data breach scanner. It will alert you whenever Locker is aware of a stolen database with your account in it. You would have time to react and change its password, just in case.

Download Locker to enhance your passwords and have peace of mind against cracking attempts.