Brute Force Password Hacking: How long will it take to Brute Force a password
As we all know, its not a good idea to brute force a password, as its much faster to use password attacks using hashcat.
I found a good graphic on how slow brute force hacking can be, depending on the length and the complexity of the password. The graph also demonstrates how longer passwords offer, and alphanumeric complexity, can alter the risk vector in your favour.
The game of password hacking is this:
- Users reset password every month, ie 30 days
- If we can Brute force the password in 15 days, we can use the password for another 15 days.
- Brute force attacks, will normally crack the password about half way through the times quote.
- An 8 character password, is listed as 84 days, which means it should crack in approximately 41 days (close to a months reset). How would you protect accounts at this point? It is recommended to force longer passwords, eg 10-14 characters to protect against brute force attacks, as a pragmatic, rather than guaranteed security. Its possible that a brute force attack could break the security in the first day, however, this would be unlikely.
Reference:
http://www.yourdestinationnow.com/2020/07/brute-force-password-guessing-picture.html
University of South Wales: Cyber University of the year: Four years running: 2019, 2020, 2021, 2022 
Trackbacks & Pingbacks