Passwords under seven characters can be easily cracked

Any password under seven characters can be cracked within a matter of hours, according to Hive Systems.

The time it takes to crack passwords increases

Due to the widespread use of stronger password hashing algorithms to protect data, the time it takes hackers to crack passwords has increased.

“Looking at the data and the increase in time it takes hackers to crack passwords, it could be easy to assume that the cybersecurity industry has made great strides in protecting our data,” said Alex Nette, CEO of Hive Systems.

“Unfortunately, every time we make it harder for hackers, they find new ways around even the strongest protections. The increased times shown in our 2024 Password Table are promising, but we’re likely to see these times come down again in the near future as computing power increases,” added Nette.

Last year, Hive’s research found that some 11-character passwords could be cracked instantaneously using brute force. This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms – like bcrypt (password-hashing function) – for encrypting passwords in databases.

Now, that same 11-character password takes longer to be cracked at 10 hours. However, while stronger algorithms have made it more challenging to crack passwords, it’s highly unlikely to stay that way.

“The nice thing about bcrypt is that as computers get faster you just increase the work factor to crack passwords,” said Corey Neskey, VP of Quantitative Risk at Hive Systems. “However at a certain point, the algorithm becomes frustratingly unusable for web applications and websites, and so compromises have to be made – creating opportunities for hackers.”

Hackers target expanding stores of personal data

Each year, more and more personal data is collected and stored in locations that can be breached by hackers. The most effective solutions for data protection are the use of multifactor authentication and a password manager with random, complex passphrases.

MFA – a generally free cybersecurity tool that requires a multi-step process to log into online accounts – ensures that any login is approved by the owner of the account. With the advent of publicly accessible artificial intelligence tools, a second step which requires the personal action of a user to confirm their identity is the best way to keep account information safe.

The use of a password manager for creating and storing passwords also significantly increases the safety and security of passwords. However, these passwords will continue to become less and less secure.