Skip to content

Do you have an eight character password that mixes upper/lowercase letters, numbers, and symbols? Just a few years ago, you could pat yourself on the back and think “Have at it, hackers, my password is UNCRACKABLE!!” It wasn’t true then, but it was what most websites required, even credit card companies, mutual fund and other financial sites, government agencies, etc. so most people thought they were covered.

This table from shows that by 2023, it took five minutes to crack a supposedly strong eight character password. You don’t have to be a Caltech wunderkind with access to supercomputers—anyone with moderate tech skills can download these programs and run them.

If your password doesn’t mix all character types, say it’s just eight upper- and lowercase letters: that can be cracked in such a small time that it’s effectively instantaneous.

This means there’s never been a better time to bite the bullet and start using a password manager, as I recommended a couple of years ago in this article. I use 1Password, which WireCutter recently named its preferred application for 2024. This lets me generate unique thirty character passwords for every service I use, randomly mixing the full range of character types. Occasionally a site will limit my password to 20 characters or whatever, but since the table shows that using only 18 will take hackers 26 trillion years using today’s tech, I’m still comfortable with that. I use 20 or 30 when possible, because I like to futureproof my tech as much as possible. Hopefully in a couple dozen years, those passwords will still take a couple of billion years to hack, which is still plenty for me 😉

Back To Top