
Infographic: how long does it take for a hacker to discover your password

One of the most important aspects of a strong password is its length. The longer it is, the longer it will take a computer program to crack it.


According to the World Economic Forum website, a 12-character password containing at least one uppercase letter, one symbol, and one number would take a computer 34,000 years to crack.

“The more difficult a password is to guess, the more security it provides. Unfortunately, reality shows that years go by and a large mass of users continue to use passwords that are extremely weak and easy to predict. We observe this with the reports that some companies publish year after year that reveal which are the most used passwords by users, which also tend to coincide with the weakest”, underlines Camilo Gutiérrez Amaya, Head of the Research Laboratory of Eset Latin America.


He added that in the latest report, the password “123456” was detected more than 1 million times in the different leaks suffered by sites throughout the world. That combination is followed by variants of it that contain more or fewer digits, and even passwords like “password”.

This table, made with information from Hive Systems, specifies how fast passwords can be guessed in a brute force attack, taking into account their length in characters and other important factors such as whether they are composed of symbols, numbers, lowercase and uppercase letters.


What is a brute force attack

Attempts to guess a password or username, or key, using a trial-and-error technique are known as brute force attacks. It is an old method of attack but is still widely used by hackers.

In a classic attack, the cybercriminal chooses a victim and tests possible passwords linked to that username. This is what is known as a dictionary attack.


For its part, “a reverse brute force attack reverses the attack strategy and starts with a known password, such as leaked passwords available on the Internet, and with the search of millions of usernames until a match is found”, as highlighted by Kaspersky Lab.

Keep in mind that these “trial and error” techniques do not necessarily involve a person typing possible combinations on a keyboard. In many cases, computer programs are used that can generate different random combinations until the password is found. Those automated systems can find a dictionary password in less than a second.
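The relationship described above between length, character classes and guessing time can be worked through in a short script; this is an added example, not part of the original article or of the Hive Systems table. The guess rate and the small common-password list are assumptions made for illustration, so the output shows orders of magnitude and does not reproduce the figures quoted in this article.

```python
import string

# Assumption: offline guess rate in guesses per second. Real rates depend on
# the hash algorithm and the hardware, so results are orders of magnitude only.
ASSUMED_GUESSES_PER_SECOND = 1e10

# Constructed sample of leaked passwords; a real check would use a large list.
COMMON_PASSWORDS = {"123456", "123456789", "password", "qwerty"}

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def alphabet_size(password):
    """Size of the smallest alphabet an exhaustive search must cover."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    # Simplification: characters outside the four ASCII classes count one each.
    extra = {ch for ch in password if not any(ch in c for c in CLASSES)}
    return size + len(extra)


def search_space(password):
    """Number of candidates of this length over the password's alphabet."""
    return alphabet_size(password) ** len(password)


def worst_case_seconds(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Seconds to try every candidate; a dictionary hit counts as immediate."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0
    return search_space(password) / rate


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.0f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords of growing length and variety.
    for pw in ("123456", "sunflower", "Sunfl0wer!", "Sunfl0wer!Tr"):
        print(f"{pw!r:16} alphabet={alphabet_size(pw):3} "
              f"worst case: {humanize(worst_case_seconds(pw))}")
```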

How to create a strong password and other security measures

1. The first step in creating a strong password is to think about its length. The more characters it has, the better.

2. It is also important that it includes a combination of letters, numbers and symbols, as well as upper and lower case.

3. Password managers can be great allies because they allow you to generate different passwords randomly. This is vital, especially considering that you need a different password for each site. Remember that a Google account includes a password manager that stores the passwords generated for different sites.

4. Activate second-factor authentication on all accounts. This adds an additional layer of security to the account, since to log in the system will ask the user for a password that is received by SMS or through an application. It is also possible to configure a physical key as an additional security measure. This note explains step by step how to activate this security measure in different accounts.

