The page you were trying to view is not available for your role.
While many of us are enjoying the convenience that online services bring to our lives, we have all probably struggled at some point to remember the numerous passwords we now need to manage and update.
But it’s a minor inconvenience for the security they provide us.
To help you improve your online security, our experts in our Information Security team have shared their insight into what makes a good password, and why we should keep them up to date.
Takeaways:
- The longer the password, the longer it would take a computer to crack (this is just simple maths: for each additional character, the combinations needed increase exponentially!).
- Complex passwords containing alphabetic, numeric and special characters (ascii characters) increase possible combinations for each character from a power of 26, to 95, drastically reducing the chances of a password cracker being successful.
- Password managers create passwords with both length and complexity and can automatically create and populate for you – meaning you only need to create and remember one unique, complex password: for the password manager.
- Think ‘PassPHRASE’ rather than ‘PassWORD’. Think of three or four random words as your passphrases. These can help you remember and create what are effective and complex passwords that reduce your risk of being hacked. This guidance from NCSC is helpful for this.
- Add multi-factor authentication wherever it is available as a second line of defence for your accounts.
- Keep work and personal passwords separate and different, for obvious reasons.
One simple way to increase your online security now
Update your passwords to passphrases of 14 characters or more - this will disrupt most password crackers. At that length, with a good mixture of varying styles of characters, it would take years for most brute force applications to crack a password.
Password maths! An 8-character lowercase password (26x8) has a total of 208,827,064,576 possible combinations that a cracker would have to attempt, which sounds like a lot but would take a computer less than 3 hours to crack. However, if you increase that to 14 characters (26x14), it would take about 778,000 years to crack!
How long will it take to crack your password?
| Length of password (chars) | Only numbers | Mixed lower and upper case letters | Mixed numbers, lower and upper case letters | Mixed numbers, lower and upper case letters, symbols |
| 3 | Instantly | Instantly | Instantly | Instantly |
| 4 | Instantly | Instantly | Instantly | Instantly |
| 5 | Instantly | Instantly | 3 secs | 10 secs |
| 6 | Instantly | 8 secs | 3 mins | 13 mins |
| 7 | Instantly | 5 mins | 3 hours | 17 hours |
| 8 | Instantly | 3 hours | 10 days | 57 days |
| 9 | 4 secs | 4 days | 153 days | 12 years |
| 10 | 40 secs | 169 days | 1 year | 928 years |
| 11 | 6 mins | 16 years | 106 years | 71k years |
| 12 | 1 hour | 600 years | 6k years | 5m years |
| 13 | 11 hours | 21k years | 108k years | 423m years |
| 14 | 4 days | 778k years | 25m years | 5bn years |
| 15 | 46 days | 28m years | 1bn years | 2tn years |
| 16 | 1 year | 1bn years | 97bn years | 193tn years |
| 17 | 12 years | 36bn years | 6tn years | 14qd years |
| 18 | 126 years | 1tn years | 374tn years | 1qt years |
K=thousand (1000)
m=million (1,000,000)
bn=billion (1,000,000,000)
tn=trillion (1,000,000,000,000)
qd=quadrillion (1,000,000,000,000,000)
qt=quintillion (1,000,000,000,000,000,000)
Source: How Long Will It Take To Hack Your Password? – Frank on Fraud
Stay safe from scams
Your security is our priority. Read more about keeping your finances safe online.
