A password made up of a random combination of uppercase and lowercase letters, numbers, and special characters, such as Pz27Qx9WQlm!, is nearly uncrackable.
Uncrackable passwords use ALL available character types – uppercase, lowercase, numbers, and symbols. The absolute minimum length for an uncrackable password is 11 characters (assuming the password uses a mix of all character types).
Make Passwords Longer And More Complex
For example, brute force attacks are often also based on lists of frequent passwords or phrases, such as 'qwerty', 'password', or '12345'. The password should therefore be as unique as possible, or not contain any words at all.
Higgins' best advice for ideal password length is 12 or more characters, including a mix of lowercase and uppercase letters, numbers and special symbols (an exclamation point or # symbol, for example).
In fact, the National Institute of Standards and Technology (NIST) states, “Password length has been found to be a primary factor in characterizing password strength.” To strengthen the security of your online information, ensure your passwords are a random mix of at least 14 to 16 characters.
Use long, complex passwords that use spaces, capital letters, lower case letters, numbers and special characters. To make them easier to remember, consider using a sentence that has meaning to you.
Mix words and numbers together randomly
Mix words and numbers together randomly (mix uppercase and lowercase). For example, take 2 words, “Scotfield” and “01255447689”, mix them randomly and they become “S012cot5544fie76ld89”. Frankly… I do not think it is possible to crack, but it is very hard to remember also.
Increasing the password complexity to a 13 character full alpha-numeric password increases the time needed to crack it to more than 900,000 years at 7 billion attempts per second. This is, of course, assuming the password does not use a common word that a dictionary attack could break much sooner.
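The estimate above can be reproduced with a short calculation. The following is an added example, not taken from any of the quoted sources. It assumes that "full alpha-numeric" means 62 symbols (a-z, A-Z, 0-9) and that the figure is the worst case of trying every combination; the common-password list holds only passwords named on this page.

```python
import string

GUESSES_PER_SECOND = 7_000_000_000       # rate quoted in the text
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed sample list: only passwords this page names as common.
COMMON_PASSWORDS = {"qwerty", "password", "12345", "123456",
                    "123456789", "guest", "abc123", "a1b2c3"}

# Assumption: four ASCII classes; symbols include the space character.
CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation + " ")


def alphabet_size(password):
    """Number of symbols in the union of the character classes the password uses."""
    unknown = [ch for ch in password
               if not any(ch in cls for cls in CHARACTER_CLASSES)]
    if unknown:
        raise ValueError(f"characters outside the modelled classes: {unknown!r}")
    return sum(len(cls) for cls in CHARACTER_CLASSES
               if any(ch in cls for ch in password))


def exhaustive_search_years(length, alphabet, rate=GUESSES_PER_SECOND):
    """Years to try every string of exactly `length` symbols (worst case;
    the average case is half of this)."""
    return alphabet ** length / rate / SECONDS_PER_YEAR


def assess(password):
    """Return (verdict, years). A dictionary hit overrides the keyspace
    figure, which is the caveat stated in the text."""
    if not password:
        raise ValueError("empty password")
    if password.lower() in COMMON_PASSWORDS:
        return ("dictionary", 0.0)
    years = exhaustive_search_years(len(password), alphabet_size(password))
    return ("brute-force", years)


if __name__ == "__main__":
    print(f"13 chars, 62 symbols: {exhaustive_search_years(13, 62):,.0f} years")
    for candidate in ("Pz27Qx9WQlm!", "Password", "qwerty"):
        print(candidate, assess(candidate))
```

The keyspace figure is only an upper bound for a randomly chosen password; anything that appears in a word list falls to the dictionary check regardless of its length or character mix.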
For simple passwords that contain only numbers or lowercase letters, the results were almost instant. Meanwhile, the same system would need 400 years to decode them if stronger hashing functions like bcrypt are in use. For a complex 12-character password, the duration Hive estimates is 14 billion years.
The most insecure passwords to use across all countries and populations are “123456” and “password” — two of the most obvious, easiest-to-guess patterns which meet the minimum 6 to 8 character password length requirement that most websites have.
Most hackable passwords
Second came “123456” followed by the slightly longer “123456789.” Rounding out the top five were “guest” and “qwerty.” Most of those log-ins can be cracked in less than a second.
"Ja7WuthTfapow7fdAbhcA7cta!" That's a 26-character password that includes numbers, letters, uppercase, lowercase, and one special character. All you have to do is recite the nursery rhyme when you're typing in your password!
(Although, as Data Genetics acknowledges, you probably shouldn't go out and choose “8068” now that this is public information.) Rounding out the bottom five are “8093,” “9629,” “6835,” and “7637,” which are all nearly as rare.
Today, using the latest GPUs (RTX 4090) it takes just 59 minutes, but if cloud resources were used, the time taken to crack the password drops to just 19 minutes if using 8 x A100 GPUs from Amazon AWS, and 12 minutes if using 12.
“guest” beat out “123456” to be the most popular password among Americans in 2022. Simple combinations of letters, numbers, and symbols, such as “a1b2c3,” “abc123,” or “qwerty,” are highly popular in the US.
What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.
These bad choices are made up of obvious sequences of numbers like, or, in the case of 'qwerty', the letters from the top row of the computer keyboard. 'These sequences are particularly easy to remember and transcend languages and cultures, making them an incredibly popular password choice worldwide,' Dojo says.
"Dragon" might be disproportionately popular because hacked sites are less likely to require users to include, say, a number or special character in their password. The type of site a password data set comes from can also skew results.
Want to use all upper and lower case letters instead? That will help somewhat, but a five-letter password can still be cracked instantly, and a nine-letter password will still only take 4 days to crack. Want to mix numbers and upper and lower case letters?