How long does it take for a hacker to discover your password?

A survey produced by a cybersecurity company demonstrates that computers operated by hackers can discover a four-character password instantly. The “feat” can be performed independently of the combination of letters, numbers and symbols in the access code.

The survey was conducted by Hive Systems. To reach this conclusion, the How Secure is My Password website was used, which calculates how long it takes for a password to be discovered.

The infographic, test result, takes into account the use of passwords with numbers, lowercase and uppercase letters and symbols. Furthermore, to reach the time when the code can be broken, the parameter of the “brute force” attack was used.

This hacking method consists of doing trial and error to get not just passwords, but usernames, web pages, encryption keys, and more. See the complete infographic below.

Password Infographic
Infographic made by Hive Systems shows the time to crack various types of passwordsSource: Hive Systems/Disclosure

When is the password secure?

The study shows that passwords with up to eight characters do not take more than eight hours to be discovered, regardless of the combination of elements. It can also take a hacker a mere 5 seconds to discover a six-character code that has uppercase, lowercase, numbers and symbols.

It can be said that passwords start to become really secure against brute force attacks from 10 characters onwards. If among these characters are all possible variations, it would take a cyber criminal at least 5 years to gain access to the code.

In the safest possible case are passwords with 18 characters and all symbols, letters and numbers. In this scenario, it would take the hacker a symbolic 7 quadrillion years to gain access through trial and error.

Secure passwords are essential
Strong passwords are essential to ensure the security of many different accessesSource: Pixabay

Despite the curiosity about the numbers, Hive Systems pointed out some details about the subject. In a publication on Reddit, where the subject went viral, the company recalled that this was a work carried out to update another graphic produced in 2012.

The company also argued that the indicated times do not indicate that the work of brute force would be performed by a hacker personally, but rather from a computer that was programmed to do so.

“This is a good look to show people who aren’t in our industry because better passwords bring more security. Ultimately, this (the chart) is one of several tools we can use to talk about cybersecurity,” published Hive Systems.


According to Security.Org, the institution responsible for the How Secure is My Password website, some basic tips can help the user to create a secure password. The organization starts by remembering that an ideal code is 16 characters or more and should include combinations of letters, numbers and symbols. In addition, other aspects are listed:

  • A password must not be shared between multiple accounts;
  • It must not include the user’s personal information such as address or mobile number. In general, it is best not to include any information that can be accessed through social media such as the names of parents, children or pets;
  • It must not contain consecutive letters and numbers (abc or 123, for example);
  • It must not include the word “password” or the same repeated letter or number.
Previous post Windows 11 fixes organization issue with multiple monitors
Next post Gamer chair: 6 affordable models to keep an eye on