My last blog was about an easy way to create a complex password. Today's blog will show you why it is important to use complex passwords, especially in a business environment.

I recently read an article about how long it can take to "hack" passwords. Although there are many methods a hacker can use, the most common is what is called a brute force attack. This is accomplished when a hacker uses a specially written piece of software to attempt to log into a site using your credentials. By the way, this software is free, so don't think it has to be some elite hacker; it can be your 14-year-old next-door neighbor.

The more complex your password, the longer it would take to "crack" or guess it. There are three main things that determine how long it would take.

1. Length and complexity of your password

2. The speed of the hacker's computer

3. The speed of the hacker's Internet connection

Assuming the hacker has a reasonably fast connection and PC, here is an estimate of the amount of time it would take to generate every possible combination of passwords for a given number of characters. After generating the list, it's just a matter of time before the computer runs through all the possibilities – or gets shut down trying.
Pay particular attention to the difference between using only lowercase characters and using all possible characters (uppercase, lowercase, and special characters – like @#$%^&*). Adding just one capital letter and one asterisk would change the processing time for an 8-character password from 2.4 days to 2.1 centuries.

Password Length    All Characters             Only Lower Case
3                  0.86 seconds               0.02 seconds
4                  1.36 minutes               .046 seconds
5                  2.15 hours                 11.9 seconds
6                  8.51 days                  5.15 minutes
7                  2.21 years                 2.23 hours
8                  2.10 centuries             2.42 days
9                  20 millennia               2.07 months
10                 1,899 millennia            4.48 years
11                 180,365 millennia          1.16 centuries
12                 17,184,705 millennia       3.03 millennia
13                 1,627,797,068 millennia    78.7 millennia

Remember, these are just for an average computer, and they assume you aren't using any word in the dictionary. If Google put their computer to work on it, they'd finish about 1,000 times faster.
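
The estimates in the table can be reproduced with a short calculation. The Python below is an added example, not code from the original article: the rate of 1,000,000 guesses per second and the 95-character printable ASCII set are assumptions back-calculated from the table, and the function names are illustrative. It also shows that each table cell is a worst case, and that a lowercase-only search can never reach a password containing a capital letter or a symbol.

```python
import string

# Assumptions (not stated in the article): rate back-calculated from the table
# (95**3 / 0.86 s), and "all characters" taken as the 95 printable ASCII characters.
GUESSES_PER_SECOND = 1_000_000
LOWER = string.ascii_lowercase
ALL = string.ascii_letters + string.digits + string.punctuation + " "

# Unit sizes in seconds, largest first (365-day year, which matches the table).
YEAR = 365 * 86400
UNITS = [("millennia", 1000 * YEAR), ("centuries", 100 * YEAR), ("years", YEAR),
         ("months", YEAR / 12), ("days", 86400), ("hours", 3600), ("minutes", 60)]

def exhaustive_seconds(alphabet, length, rate=GUESSES_PER_SECOND):
    """Worst case: time to try every string of exactly `length` characters."""
    return len(alphabet) ** length / rate

def seconds_to_reach(password, alphabet, rate=GUESSES_PER_SECOND):
    """Time until an in-order search of same-length strings hits `password`.

    Returns None when the password uses a character outside `alphabet`,
    because that search can never produce it.
    """
    if any(c not in alphabet for c in password):
        return None
    index = 0
    for c in password:  # read the password as a base-N number
        index = index * len(alphabet) + alphabet.index(c)
    return (index + 1) / rate

def humanize(seconds):
    """Format a duration in the largest unit that fits, like the table."""
    for name, size in UNITS:
        if seconds >= size:
            return f"{seconds / size:.2f} {name}"
    return f"{seconds:.2f} seconds"

if __name__ == "__main__":
    for n in (6, 8, 10):
        print(n, humanize(exhaustive_seconds(ALL, n)), humanize(exhaustive_seconds(LOWER, n)))
    # Constructed sample passwords
    for pw in ("aaaaaaaa", "password", "zzzzzzzz", "Passwor*"):
        t = seconds_to_reach(pw, LOWER)
        print(pw, "lowercase-only search:", "never found" if t is None else humanize(t))
```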

Most hackers are not going to spend years or centuries or even days trying to crack a password; they are trying for the quick ones. So the more complex it is, the more likely they will skip it.

