A report from a cyber security company Hive Systems revealed the range of time it might take for a cybercriminal to learn a user’s password using a brute-force method, which consists of going through a trial and error process before guessing.

A decade ago, the estimated lifespan of a 10-character password was over 106 years, but now a password of the same length can last as little as three weeks.

Much of the progress in this activity is due to technical sections such as improvements graphics cards For computers that allow to speed up the process, combining them with platforms cloud service If the time is too long.

You may be interested in: Passwords, a necessary evil that we can do without in the future

How long does it take for a criminal to know the password?

There are two factors to consider in this process, and these are the weapons users use to protect themselves from attacks: the number and type of characters.

The researchers tested passwords between 4 and 18 characters long, with a mix of numbers, uppercase and lowercase letters, and symbols. With this in mind, they created a table with the time range it might take for a cybercriminal to obtain a user’s password.

For example, using 4 to 6 characters does not constitute No barrier Because it can be guessed immediately using the brute force method. Not far behind are passwords that have 7 to 9 characters, with a protection range of 2 seconds to 2 days.

On the opposite side are keys with 16 and 18 characters, especially those that combine lower and uppercase letters, numbers and symbols, because criminals can take 92 billion and 438 trillion years.

These numbers are getting smaller and smaller, because if in 2012 it took 106 years to get a 10-character password with numbers, lowercase and uppercase letters, by 2021 it was reduced to seven months, and last year to three weeks. .

You may be interested in: How to find a forgotten password in Google Chrome

Minimum security key requirements

Given the picture, there are several features that make it mandatory to have passwords in the face of increasing attacks and technical improvements in the exploitation of platforms.

The first is that all passwords must contain a combination of lower and upper case letters, numbers and symbols. This is irrelevant.

As for the extension, you can be more flexible, but the minimum is that they are 11 characters, so criminals will need at least 3 years to guess the password using brute force. method of attack.

With such a long password, some users may find it difficult to remember it, considering that most will have more than one for each platform they have an account on, such as social networks, digital stores and email. In this case, it is better to use a password manager.

In addition, it is important to supplement this with two-factor authentication, as this will be an additional barrier for criminals, who are mainly temporary codes and arrive on another platform, such as email or text message on a mobile phone.

Continue reading: