Cybersecurity

This chart shows how long it would take a computer to hack your exact password

A picture of a person typing at a keyboard.

A password of 8 standard letters contains 209 billion possible combinations, but a computer is able to calculate this instantly. Image: Unsplash/Glenn Carstens-Peters

Katharina Buchholz
Data Journalist, Statista
  • This chart shows the time it would take for a computer to crack passwords.
  • A password of 8 standard letters contains 209 billion possible combinations, but a computer is able to calculate this instantly.
  • Adding one upper case letter to a password dramatically alters a computer's potential to crack a password, extending it to 22 minutes.
  • Having a long mix of upper and lower case letters, symbols and numbers is the best way make your password more secure.
  • A 12-character password containing at least one upper case letter, one symbol and one number would take 34,000 years for a computer to crack.

Password, 123456, qwerty - while passwords which appear on the list of the most common passwords should definitely be retired from use, even a more unique password can be easy to crack if a computer program is tasked with systematically breaking it.

As seen in data by website Security.org, adding even one upper case letter to a password can already dramatically alter its potential. In the case of an eight-character password, it can now be broken in 22 minutes instead of instantaneously in one second – an increase of more than 1000 percent.

While the added time in this case is definitely not good enough to end up with a satisfactory password, the high security gains of using characters other than lower case letters can be multiplied. When using at least one upper case letter and one number, an eight-character password now would take a computer 1 hour to crack. Add another symbol and it takes eight. To make a password truly secure, even more characters or more than one uppercase letter, number or symbol can be added. A twelve-character password with one uppercase letter, one number and one symbol is almost unbreakable, taking a computer 34,000 years to crack.

Have you read?
a chart sowing how hard it is for a computer to guess your password
A password of 8 standard letters contains 209 billion possible combinations, but a computer is able to calculate this instantly. Image: Statista
Discover

How is the Forum tackling global cybersecurity challenges?

This happens because when we use more types of characters, the potential combinations making up the password increase exponentially. With just 26 lower case letters, a password of eight characters has 26^8, so around 209 billion possible combinations. Adding the uppercase, we already arrive at 52^8, around 53.5 trillion combinations. With the numbers in there, it’s 62^8 or 218 trillion combinations. Symbols add another great potential for security, but since only the handful displayed on computer keyboards are convenient to use, this ups the number of combinations once more to around 90^8 or 430 trillion combinations.

Loading...
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

Stay up to date:

Cybersecurity

Share:
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

US introduces new data rules, and other cybersecurity news to know this month

Akshay Joshi

November 4, 2024

3 key factors to make your cybersecurity training a success

About us

Engage with us

  • Sign in
  • Partner with us
  • Become a member
  • Sign up for our press releases
  • Subscribe to our newsletters
  • Contact us

Quick links

Language editions

Privacy Policy & Terms of Service

Sitemap

© 2024 World Economic Forum