- This chart shows the time it would take for a computer to crack passwords.
- A password of 8 standard letters contains 209 billion possible combinations, but a computer is able to calculate this instantly.
- Adding one upper case letter to a password dramatically alters a computer's potential to crack a password, extending it to 22 minutes.
- Having a long mix of upper and lower case letters, symbols and numbers is the best way make your password more secure.
- A 12-character password containing at least one upper case letter, one symbol and one number would take 34,000 years for a computer to crack.
Password, 123456, qwerty - while passwords which appear on the list of the most common passwords should definitely be retired from use, even a more unique password can be easy to crack if a computer program is tasked with systematically breaking it.
As seen in data by website Security.org, adding even one upper case letter to a password can already dramatically alter its potential. In the case of an eight-character password, it can now be broken in 22 minutes instead of instantaneously in one second – an increase of more than 1000 percent.
While the added time in this case is definitely not good enough to end up with a satisfactory password, the high security gains of using characters other than lower case letters can be multiplied. When using at least one upper case letter and one number, an eight-character password now would take a computer 1 hour to crack. Add another symbol and it takes eight. To make a password truly secure, even more characters or more than one uppercase letter, number or symbol can be added. A twelve-character password with one uppercase letter, one number and one symbol is almost unbreakable, taking a computer 34,000 years to crack.
What is the World Economic Forum doing on cybersecurity?
The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. The centre is an independent and impartial platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors.
Since its launch, the centre has driven impact throughout the cybersecurity ecosystem:
- Training a new generation of cybersecurity experts
Salesforce, Fortinet and the Global Cyber Alliance, in partnership with the Forum, are delivering free and globally accessible training through the Cybersecurity Learning Hub.
- Building a global response to cybersecurity risks
The Forum, in collaboration with the University of Oxford – Oxford Martin School, Palo Alto Networks, Mastercard, KPMG, Europol, European Network and Information Security Agency, and the US National Institute of Standards and Technology, is identifying future global risks from next-generation technology.
- Improving cybersecurity in the aviation industry
Through the Cyber Resilience in the Aviation Industry initiative, the centre has been improving cyber resilience in aviation in collaboration with Deloitte and more than 50 other companies and international organizations.
- Making the global electricity ecosystem more cyber resilient
The centre and the Platform for Shaping the Future of Energy, Materials and Infrastructure have been bringing together leaders from more than 50 businesses, governments, civil society and academia to develop a clear and coherent cybersecurity vision for the electricity industry.
- The Council on the Connected World agreed on IoT security requirements for consumer-facing devices to protect them from cybers threats, calling on the world’s biggest manufacturers and vendors to take action for better IoT security.
- The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace, which aims to ensure global digital peace and security.
Contact us for more information on how to get involved.
This happens because when we use more types of characters, the potential combinations making up the password increase exponentially. With just 26 lower case letters, a password of eight characters has 26^8, so around 209 billion possible combinations. Adding the uppercase, we already arrive at 52^8, around 53.5 trillion combinations. With the numbers in there, it’s 62^8 or 218 trillion combinations. Symbols add another great potential for security, but since only the handful displayed on computer keyboards are convenient to use, this ups the number of combinations once more to around 90^8 or 430 trillion combinations.