The Fundamentals of Password Security

In today's digital age, passwords are the keys to our online world, protecting everything from our personal information to our financial accounts. With the increasing sophistication of cyber-attacks, it’s more critical than ever to practice smart password management. Let’s explore the particulars of password security, from the importance of maintaining strong, unique passwords to tips on how to create and manage yours.

Strong passwords matter... a lot.

Financial fraud. Data breaches. Identity theft. A weak or compromised password can have disastrous consequences. Recent studies indicate that identity fraud alone costs Americans a total of about $56 billion a year, with about 49 million consumers falling victim.[1] Further, 81% of data breaches are caused by weak or stolen passwords.[2]

Still not convinced a strong password is worth the effort? Consider this:

  • 90% of passwords are vulnerable to attack. (Avast)
  • 40% of people have had their identities hacked, passwords compromised, or sensitive information breached because of duplicate and outdated passwords. (Web Tribunal, 2023)
  • Over 80% of data breaches are due to poor password security. (Indagent)
  • In 2022, the fourth most common password was “password.” (Cybernews)
  • 70% of breached passwords are still in use. (Spycloud)
  • 64% of consumers repeat passwords across multiple accounts.
  • For businesses, the financial costs are significantly higher. And 59% of U.S. consumers are likely to avoid businesses that have become a victim of a cyberattack within the past year. (Arcserve, 2020)

[Table showing how adding complexity to a password exponentially increases the time it takes to crack it]

Time it takes a hacker to brute force your password in 2023

If your password is 4, 5, or 6 characters long and made up of any combination of numbers, uppercase letters, lowercase letters, and/or symbols, it can be cracked instantly. This is also true of passwords 7 or 8 characters long made up of only numbers or only lowercase letters, and passwords of 9, 10, or 11 characters made up of only numbers.

Passwords 7 characters long made up of a combination of only upper- and lowercase letters can be cracked in 1 second. If that password also includes numbers, it can be cracked in 2 seconds. Further adding symbols to a 7-character password increases the time to just 4 seconds.

Passwords 8 characters long made up of a combination of only upper- and lowercase letters can be cracked in 28 seconds. If that password also includes numbers, it can be cracked in 2 minutes. Further adding symbols to an 8-character password increases the time to just 5 minutes.

Passwords 9 characters long made up of only lowercase letters can be cracked in 3 seconds. A 9-character password using a combination of only upper- and lowercase letters can be cracked in 24 minutes. If that password also includes numbers, it can be cracked in 2 hours. Further adding symbols to a 9-character password increases the time to just 6 hours.

Passwords 10 characters long made up of only lowercase letters can be cracked in 1 minute. A 10-character password using a combination of only upper- and lowercase letters can be cracked in 21 hours. If that password also includes numbers, it can be cracked in 5 days. Further adding symbols to a 10-character password increases the time to 2 weeks.

Passwords 11 characters long made up of only lowercase letters can be cracked in 32 minutes. An 11-character password using a combination of only upper- and lowercase letters takes 1 month to crack. If that password also includes numbers, it can be cracked in 10 months. Further adding symbols to an 11-character password increases the time to 3 years.

Passwords 12 characters long made up of only numbers can be cracked in 1 second. A 12-character password of only lowercase letters increases that time to 14 hours. A 12-character password using a combination of only upper- and lowercase letters takes 6 years to crack. If that password also includes numbers, it takes 53 years to crack. Further adding symbols to a 12-character password increases the time to 226 years.

Passwords 13 characters long made up of only numbers can be cracked in 5 seconds. A 13-character password of only lowercase letters increases that time to 2 weeks. A 13-character password using a combination of only upper- and lowercase letters would take 332 years to crack. If that password also includes numbers, it would take 3,000 years to crack. Further adding symbols to a 13-character password would increase the time to 15,000 years.

Passwords 14 characters long made up of only numbers can be cracked in 52 seconds. A 14-character password of only lowercase letters increases that time to 1 year. To crack a 14-character password using a combination of only upper- and lowercase letters would take 17,000 years. If that password also includes numbers, it would take 202,000 years to crack. Further adding symbols to a 14-character password would increase the time to 1,000,000 years.

Passwords 15 characters long made up of only numbers can be cracked in 9 minutes. A 15-character password of only lowercase letters increases that time to 27 years. To crack a 15-character password using a combination of only upper- and lowercase letters would take 898,000 years. If that password also includes numbers, it would take 12,000,000 years to crack. Further adding symbols to a 15-character password would increase the time to 77,000,000 years.

Passwords 16 characters long made up of only numbers can be cracked in 1 hour. A 16-character password of only lowercase letters would increase that time to 713 years. To crack a 16-character password using a combination of only upper- and lowercase letters would take 46,000,000 years. If that password also includes numbers, it would take 779,000,000 years to crack. Further adding symbols to a 16-character password would increase the time to 5,000,000,000 years.

Passwords 17 characters long made up of only numbers can be cracked in 14 hours. A 17-character password of only lowercase letters would increase that time to 18,000 years. To crack a 17-character password using a combination of only upper- and lowercase letters would take 2,000,000,000 years. If that password also includes numbers, it would take 48,000,000,000 years to crack. Further adding symbols to a 17-character password would increase the time to 380,000,000,000 years.

A password 18 characters long made up of only numbers can be cracked in 6 days. An 18-character password made up of only lowercase letters would increase that time to 481,000 years. To crack an 18-character password using a combination of only upper- and lowercase letters would take 126,000,000,000 years. If that password also includes numbers, it would take 2,000,000,000,000 years to crack. Further adding symbols to an 18-character password would increase the time to 26,000,000,000,000 years.

Source: Hive Systems
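
The arithmetic behind figures like these is an exhaustive search over every string of a given length and character set. The sketch below is an added example, not code from the article or from Hive Systems; it assumes a guess rate inferred from one figure above (8 upper- and lowercase letters in 28 seconds) and a 32-character symbol set, neither of which the article states, and it reproduces the table's digit-only and letter-only entries.

```python
import string

# Assumption, not stated on the page: the guess rate is inferred from one
# figure above (8 characters, upper- and lowercase only, 28 seconds),
# i.e. 52**8 guesses in 28 s, about 1.9e12 guesses per second.
GUESSES_PER_SECOND = 52**8 / 28

# Character classes as the table groups them. The symbol set is an
# assumption (Python's 32 ASCII punctuation marks); the page names none.
CLASSES = (string.digits, string.ascii_lowercase,
           string.ascii_uppercase, string.punctuation)

def charset_size(password):
    """Alphabet size an exhaustive search must cover for this password."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    if size == 0:
        raise ValueError("no characters from the modelled classes")
    return size

def worst_case_seconds(length, alphabet):
    """Seconds to try every string of `length` over `alphabet` symbols."""
    return alphabet ** length / GUESSES_PER_SECOND

def humanize(seconds):
    """Render a duration in the largest unit that fits, as the table does."""
    units = (("years", 31_557_600), ("days", 86_400),
             ("hours", 3_600), ("minutes", 60))
    for name, span in units:
        if seconds >= span:
            return f"{seconds / span:,.0f} {name}"
    return f"{seconds:,.0f} seconds"

def estimate(password):
    """Upper bound only: assumes every character was chosen at random."""
    return worst_case_seconds(len(password), charset_size(password))

if __name__ == "__main__":
    # Rows checked against the table: 18 digits, 12 lowercase, 8 mixed+digits.
    for length, alphabet in ((18, 10), (12, 26), (8, 62)):
        print(length, alphabet, humanize(worst_case_seconds(length, alphabet)))
    # The two passwords the page compares in its passphrase tip.
    for pw in ("buddy123", "MyDogIsTheBest#1"):
        print(pw, charset_size(pw), humanize(estimate(pw)))
```

The result is a ceiling, not a prediction: it holds only for characters chosen at random, and passwords built from names, words, or common patterns are guessed well before an exhaustive search would finish.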

Secure passwords, simplified

Still think the work of securing your passwords exceeds the reward? Well, good news: Creating and maintaining strong passwords isn’t as difficult as you might think.

Here are some tips to make it easier:

  • Think passphrases, not passwords – A passphrase is a sequence of words or a sentence that is easy to remember but difficult to guess – and is much more secure than a single word. "MyDogIsTheBest#1" is a stronger password than "buddy123."
  • Enable two-step verification, when offered – Two-step verification adds an extra layer of security by requiring a code or token in addition to your password to access an account. This makes it more difficult for a hacker to gain access even if they have your password. In fact, multi-factor authentication blocks 99% of all password safety issues, according to Microsoft.
  • Use password manager software – A password manager is a tool that generates and stores secure passwords for you. It can help you manage and organize all of your passwords in one place.

Remember: Passwords are just the beginning

While having strong and secure passwords is essential to your online security, it is not the only measure you should take to protect yourself from cyber threats. Creating a cybersecurity ecosystem that includes firewalls, protective software, vigilant monitoring, and more makes you far less likely to be a victim of cybercrime.

Let’s fight fraud. Together.

Password security is crucial in today's digital world. The good news is, maintaining strong, secure passwords isn’t as challenging as it used to be. By following these simple password management tips and staying vigilant in your cybersecurity practices, you can protect your accounts and personal information.

Arming yourself with information is a crucial step in safeguarding your personal data from cyber threats—and KeyBank is here to help you do just that. Learn more about our commitment to cybersecurity at key.com/fraudprevention.

[1] Source: CNBC, 2021

[2] Source: VPN Alert