How Long Does It Take To Crack A 12-Character Password?
Tech Report is one of the oldest hardware, news, and tech review sites on the internet. We write helpful technology guides, unbiased product reviews, and report on the latest tech and crypto news. We maintain editorial independence and consider content quality and factual accuracy to be non-negotiable.
Setting unbreakable passwords for all your online accounts and remembering them is tough. However, considering the increasing number of online breaches, protecting your accounts through a random mix of characters is essential. Read on to find out how long it takes to crack a 12-character password and how to create your own strong passwords.
A password manager can help you create strong passwords for all your accounts and store them for you so you don’t have to remember them.
In this article, you’ll learn how to build strong and safe passwords. You’ll also see how long an ideal password should be and how long it will take hackers to crack a solid password.
The Problem With Passwords
The single biggest problem with passwords is that there are too many of them. According to NordPass, an average user has around 100 active passwords. Naturally, it’s impossible to remember all of them.
As a workaround, you often set the same password for multiple accounts or reset it every time you log in.
As per Statista, 34% of users reset their password once a month, while 15% do it multiple times a week.
We also tend to set passwords that are easy to remember. However, the problem with these passwords is that they are easy to guess – many can be cracked in less than a second.
Here are some commonly used passwords, per Nord’s 5th annual report.
| Password | Number of uses |
|---|---|
| 123456 | 4.5M |
| admin | 4.0M |
| 12345678 | 1.38M |
| 123456789 | 1.21M |
| password | 0.71M |

As you can see, most of these passwords contain only numbers or lowercase letters – two of the most vulnerable forms of passwords you can set.
Weak passwords can be cracked using different methods, such as brute force attacks, dictionary attacks, and credential stuffing.
Brute force attack
Hackers use advanced bots and algorithms to guess passwords through trial and error. This method involves trying all possible permutations of a password until it is cracked. Poorly designed passwords can compromise your online accounts in minutes.
Dictionary attacks
Instead of randomly guessing all possible combinations, hackers use a ‘dictionary’ of commonly used phrases or words to crack passwords.
For instance, we may use the name of our favorite sports team as a password. In a dictionary attack, hackers will try the names of all popular sports teams, for example.
Credential stuffing
Another bad habit is taking expired passwords from one account and using them as passwords for another account. Under credential stuffing, hackers use compromised credentials leaked on the dark web to break into accounts.
For example, let’s say your Facebook account password, ‘UiTob#9369,’ has expired. You may then decide to use the same password to log in to your bank account. If the password has already been leaked on the web, hackers can use it to get into your bank account.
How Long Does It Take To Crack A Password?
Your password’s safety depends directly on its complexity. Longer passwords with a good mix of numbers and lowercase and uppercase letters are almost impossible to crack.
On the flip side, if you use only numbers or lowercase letters, it won’t be long before your account is compromised.
The table below highlights the time it would take for hackers to crack passwords of different lengths and combinations of characters.
| No. of Characters | Numbers Only | Lowercase Letters | Upper and Lowercase Letters | Numbers, Uppercase and Lowercase Letters | Numbers, Uppercase and Lowercase Letters, and Symbols |
|---|---|---|---|---|---|
| 7 | Instantly | Instantly | 25 seconds | 1 minute | 6 minutes |
| 8 | Instantly | 5 seconds | 22 minutes | 1 hour | 8 hours |
| 9 | Instantly | 2 minutes | 19 hours | 3 days | 3 weeks |
| 10 | Instantly | 58 minutes | 1 month | 7 months | 5 years |
| 11 | 2 seconds | 1 day | 5 years | 41 years | 400 years |
| 12 | 25 seconds | 3 weeks | 300 years | 2,000 years | 34K years |
| 13 | 4 minutes | 1 year | 16K years | 100K years | 2M years |

An 8-character password can be cracked in a maximum of 8 hours, even when it contains a good mix of numbers, uppercase and lowercase letters, and symbols.
To answer the question, ‘How long does it take to crack a 12-character password?’, it can take hackers around 300 years if it contains a mix of both uppercase and lowercase letters.
There are several free online platforms where you can check the strength of your password, such as Security.org. Simply enter your password to find out how long it would take to crack.
The platform guarantees that the entries are 100% secure and not stored or shared with anyone.
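The figures in the table above follow from simple arithmetic: alphabet size raised to the password length, divided by a guess rate. The added example below (not from the original article) back-derives that rate from the table's 12-digit cell as an assumption and recomputes the first four columns; all function names are illustrative.

```python
import math

# Alphabet sizes for the table's first four columns. The symbols column is
# left out because the article does not say which symbols it counts.
CHARSETS = {
    "numbers": 10,
    "lowercase": 26,
    "upper+lower": 52,
    "numbers+upper+lower": 62,
}

# Assumption: guess rate back-derived from one table cell (12 digits in
# 25 seconds). The article does not state the hardware or hash behind it.
IMPLIED_RATE = 10 ** 12 / 25  # 4e10 guesses per second

UNITS = [
    ("years", 365.25 * 86400), ("months", 30.44 * 86400), ("weeks", 7 * 86400),
    ("days", 86400), ("hours", 3600), ("minutes", 60), ("seconds", 1),
]


def keyspace(alphabet_size, length):
    """Number of distinct passwords of exactly this length."""
    return alphabet_size ** length


def worst_case_seconds(alphabet_size, length, rate=IMPLIED_RATE):
    """Time to try every candidate; on average the hit comes at half of this."""
    return keyspace(alphabet_size, length) / rate


def entropy_bits(alphabet_size, length):
    """Entropy in bits, valid only when every character is picked at random."""
    return length * math.log2(alphabet_size)


def humanize(seconds):
    """Render a duration in the largest unit that fits, like the table does."""
    if seconds < 1:
        return "instantly"
    for name, size in UNITS:
        if seconds >= size:
            value = round(seconds / size)
            unit = name if value != 1 else name[:-1]  # "1 hour", not "1 hours"
            return f"{value:,} {unit}"


def row_for_length(length, rate=IMPLIED_RATE):
    """Model estimate for one table row, keyed by column name."""
    return {
        name: humanize(worst_case_seconds(size, length, rate))
        for name, size in CHARSETS.items()
    }


if __name__ == "__main__":
    for n in range(7, 14):
        print(n, row_for_length(n))
    print("12 random mixed-case letters:", round(entropy_bits(52, 12), 1), "bits")
```

The estimate applies only to randomly generated passwords: entries such as 123456 fall to a dictionary attack long before exhaustive search matters. Pass a different `rate` to see how much a slower password hash on the server side stretches every cell.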
How To Make Your Password Stronger
Strong passwords go a long way in securing your online accounts. Here are some best practices for choosing a password.
Use A Mix Of Characters
Using a mix of uppercase and lowercase letters, symbols, and numbers in your password is always a good idea. Passwords that are all letters or all numbers are much easier to guess than those that contain a mix of both.
Mathematically, when you mix the characters, hackers have to try many more permutations and combinations to crack the password, which obviously takes longer.
As you can see from the above table, a 10-character password with a good mix of characters can take around 5 years to crack. On the other hand, a 10-character numeric password can be breached almost instantly.
Use Password Managers
Nowadays, we have multiple online accounts, such as social media, bank and business portals, and health platforms. It’s always a good practice to have different passwords for each one.
Setting unique passwords and remembering them can be almost impossible. That’s why we recommend using a password manager. Password managers help you create unique passwords and remember them for you.
To access your password manager, you just have to set and remember a master password. Some password managers also come with auto-fill features that enter your password automatically whenever you access your online accounts.
False Answers To Security Questions
Many online platforms ask you to answer a security question to recover your password in case you forget it. However, we recommend not giving true answers to those security questions.
Let’s say your security question is ‘What is your pet’s name?’ The correct answer might be Bruno. However, people close to you will also know your pet’s name, or you might have posted a picture of Bruno online with his name as a caption, which makes it easier for malicious parties to crack your password.
This is why it is always a good idea to set random and unconnected answers to these questions. For instance, you can say that your pet’s name is New York, which makes it much more difficult to guess.
Set Up Two-Factor Authentication
Two-factor authentication (2FA) adds another layer of security to all your accounts. 2FA is a security measure that requires you to provide a second authentication factor in addition to your account’s password. This factor can be an OTP received as a text message on your mobile phone, a code from an authenticator app, or biometrics.
This way, even if your password is breached, hackers cannot access your account without knowing the second authentication factor. Many online accounts these days offer the security of 2FA. Sensitive accounts like your banking app must have 2FA in place.
Change Your Passwords Regularly
Security experts recommend changing your passwords every few months.
This means hackers only have a few months to access your account for nefarious reasons before you change the password, hence limiting damage. It’s why most corporations require employees to change passwords every six weeks.
However, most people often end up setting the same passwords with just a little tweak. For example, if their previous password was Rocky1, they may choose Rocky2 as their new password.
It’s hard enough to remember constantly changing passwords for one account, let alone for multiple accounts. And creating and remembering strong passwords each time is practically impossible. That’s where password managers come in.
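A check for the Rocky1-to-Rocky2 habit described above, as an added example (not from the original article): it is meant to run at password-change time, when both the old and the new password are in hand, and it also rejects the common passwords listed earlier. The function names and the 0.8 similarity threshold are assumptions.

```python
import re
from difflib import SequenceMatcher

# The five most-used passwords quoted in the article's table.
COMMON = {"123456", "admin", "12345678", "123456789", "password"}


def base_form(password):
    """Casefold and strip trailing digits/symbols: Rocky1 and Rocky2! -> rocky."""
    return re.sub(r"[\W\d_]+$", "", password.casefold())


def review_new_password(old, new, threshold=0.8):
    """Return a list of reasons to reject `new`; an empty list means it passes."""
    problems = []
    if new.casefold() in COMMON:
        problems.append("on common-password list")
    new_base = base_form(new)
    if new_base and new_base == base_form(old):
        # Only the trailing counter or symbol changed.
        problems.append("same base word as previous password")
    elif SequenceMatcher(None, old.casefold(), new.casefold()).ratio() >= threshold:
        # Catches in-place tweaks such as a single swapped character.
        problems.append("too similar to previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("Rocky2", "R0cky1", "123456", "vT9#qLm2xW!e"):
        print(candidate, review_new_password("Rocky1", candidate))
```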
How To Choose A Good Password Manager
Password managers are an effective solution to the password problem. These platforms create long, random passwords and store them for you. Every time you try to log into your account, the password manager helps you auto-fill your credentials.
That said, many password managers are available – both free and paid. To help you choose the right one, here are a few things to look into when choosing a password manager.
Storage
You must look into where the passwords are stored. Password managers are typically of two types: ones that store passwords locally on your device and others that save them in the cloud.
Locally saved passwords can only be accessed from the device on which they are stored. This protects you from possible online password breaches but also makes accessing your accounts from different devices difficult.
On the other hand, with cloud-based password managers, you can access your account from any device since passwords are retrieved from an online address, not a locally tied hardware device.
However, there is always a risk of password leaks, although less than locally stored passwords.
Password Limits
A password manager sometimes restricts the number of passwords you can generate and save. Considering that you might have an average of a hundred active passwords, choose a password manager that meets your needs.
Zero-Knowledge Architecture
Although most password managers nowadays follow a zero-knowledge policy, it’s a good idea to confirm this before purchasing a plan. Zero-knowledge essentially means that all your passwords are encrypted at the device level, and the provider has no knowledge of your actual passwords.
Dark Web Monitoring
Modern password managers have gone beyond their traditional use case.
Most password managers these days monitor the dark web to detect if any of your passwords have been breached. If they find such instances, they alert you immediately and prompt you to change your passwords.
It is always a good idea to look for a password manager with dark web monitoring.
Free vs Paid Password Managers
If you’re on a budget, free password managers can pull through nicely for you. They perform most basic tasks, such as suggesting strong passwords, storing an unlimited number of them, and auto-filling passwords on online web forms and login portals.
You can even check the strength of your passwords and create strong ones. For example, Google offers a free password manager for all registered users.
However, there are a handful of major drawbacks to using free managers. For instance, Google’s password manager does not operate on a zero-knowledge framework. This means that, if needed, Google can access your passwords at any time.
Free password managers often lack essential features like multi-device access, dark web monitoring, emergency access, and sufficient storage space for documents and sensitive files.
This is why we recommend using a paid password manager – it’s an all-in-one security suite. NordPass, 1Password, and Dashlane are some of the best password managers on the market right now. NordPass, for example, offers both free and paid plans.
Paid password managers offer advanced functions like a data breach scanner, email masking, and file attachments.
NordPass’s data breach scanner constantly scans the web for any data leaks, including details such as your emails and credit cards. Similarly, the Password Health feature evaluates your passwords and tells you whether they are weak, old, or reused.
Email masking hides your email address every time you have to enter it on a website. This way, no trespasser can eavesdrop on your sensitive details.
Even better, you don’t have to break the bank when getting a paid password manager. First, these are extremely good value (remember, privacy is priceless!).
Second, almost all of them come with at least a 30-day money-back guarantee, meaning you can try them out and then decide if you want to buy them – all without risking a penny.
Here’s a table highlighting the key differences between the top password managers so you can zero in on the best one for your needs and budget.
| Password Manager | Starting Price | Free plan | Money back guarantee | Key Features |
|---|---|---|---|---|
| NordPass | $1.49/month – two-year plan | Yes | 30 days | Data breach scanner; Email masking; Family plans |
| 1Password | $2.99/month | No | No | Watchtower; Travel Mode; Privacy Virtual Cards |
| Dashlane | $4.99/month | Yes | 30 days | Dark Web Insights; Phishing Protection; Passwordless Logins |

The Future Of Authentication
Considering the menace of passwords, there is a global drive toward a passwordless future. With this objective in mind, the FIDO Alliance built passkey technology, which works on public key cryptography.
Whenever you create a new account on a website, two new keys are built: a public key and a private one.
The public key is stored on the website’s server, while the private key is stored in your authenticator, which is usually built into your device. This can be biometrics such as Touch ID or Face ID or an authenticator app such as Authy or Microsoft Authenticator.
Now, every time you log in, you don’t have to enter your credentials; the authenticator will communicate with the server and match the two keys. As a result, you only have to enter your biometric (or other authentication method you’ve set) to log into your account.
There are several reasons why this method is more secure than using passwords.
For starters, none of your private data is stored on the server. This means that even if the server is breached, hackers cannot access your passkeys.
However, in a classical username–password format, the data is stored on the server, which makes it more vulnerable to malicious third parties.
Passkeys are phishing-proof. Under a classic phishing attack, hackers lure you to visit legitimate-looking websites and prompt you to enter your credentials. Once you do, your passwords are breached.
However, with passkeys, there are no passwords to enter. The server has to connect with the authenticator to log in. Since the website is fake, the server will not be able to make a legitimate connection.
Passkeys cannot be stolen. For example, if you use your Face ID to log into your bank account, hackers cannot steal those credentials, making it much safer than using passwords.
Key Takeaways
While passwords help protect your online accounts – and are by all accounts necessary – they are also vulnerable to breaches and leaks. Weak passwords containing only numbers or lowercase letters can be breached in seconds.
Rising security and password breaches have made it all the more important to set a strong password, preferably with 12 characters and a good mix of numbers, lowercase and uppercase characters, and symbols.
However, it’s difficult to create and remember such random passwords for all your online accounts. This is why we recommend using a dedicated password manager, which not only generates strong random passwords but also stores them for you.
They also check the strength of your passwords and alert you if any of your passwords or personal information gets leaked.
NordPass is one such password manager that offers both a full-fledged paid plan and a limited yet useful free plan if you want to get a thorough feel for the tool before committing.
We recommend the well-priced paid plan because, for just $1.49 per month, you get access to advanced features such as a data breach scanner and email masking. Moreover, there’s also a generous 30-day money-back guarantee with all its paid plans.
FAQs
How strong is a 12-character password?
A 12-character password is considered relatively strong. But even then, you must mix and match numbers, lowercase and uppercase characters, and symbols in your password.
For instance, if you use only numbers, even a 12-character password can be breached in 25 seconds. Conversely, passwords with a mix of uppercase and lowercase characters can take 300 years to crack.
Can you tell how long an attacker would need to crack a 12-character password?
The time taken to crack a 12-character password depends on the types of characters used. A 12-character numerical password can be cracked within 25 seconds.
On the flip side, using uppercase and lowercase characters can take around 300 years. Add numbers and symbols to the combination, and hackers can spend 34,000 years trying to crack your password.
How long does it take a hacker to crack an 8-character password?
8-character passwords are not considered strong enough and can be easily cracked using brute force attacks. 8-character passwords containing only numbers can be cracked almost instantly.
Even if you use numbers, uppercase and lowercase characters, and symbols, it will hardly take eight hours for hackers to get into your account. This is why we recommend creating at least a 12-character random password.
How strong is a 13-character password?
A 13-character password is the ideal. Even if you use only lowercase letters, it can take hackers as long as one year to crack it. If your password contains a good mix of numbers and uppercase and lowercase letters, your password is safe for almost 100,000 years.
Krishi Chowdhary, Journalist
© Copyright 2024 The Tech Report Inc. All Rights Reserved.