How quickly could your six character complex password be cracked?

Physically securing your house, car or other personal belongings is typically at the top of your priority list, and you would not leave your front door open or keys on a table in a busy coffee shop (if you can remember what that was like!).  But unfortunately, many of us are unaware that we are doing just that with our passwords.

Research suggests that a six-character password, including numbers, upper and lowercase letters and symbols, could be cracked in as little as five seconds. Two additional characters (making an eight-character password) would increase this, but only to eight hours.

There are a lot of variables in these figures; for example, using a password that is a person’s or pet’s name, or a word from the dictionary, will vastly decrease the time it takes.  Did you also know that there are databases available which include stolen passwords, and that these are used in automated attacks to attempt to gain access?  Hackers use social media and are prepared to do their research to find out your children’s or pet’s names to assist in their attack.

Over the years many people have been sceptical of our advice, asking “but why would they pick me? I’ve got nothing of interest” or “we are only a small business, I’m sure there are much bigger companies they would target”.  This used to be the case, but over recent years cyber-attacks have increased vastly and the majority of these attacks are on small to medium-sized businesses.  Often the reason for this is that they are easier to gain access to (they have less security in place) and are then easier to exploit for financial gain or disruption.

Once they gain access, it might not be your money they are after!

We now see a large number of impersonation attacks, taking control of your email without you realising, speaking to your customers as you and subtly building a strong enough trust before requesting that an overdue or pro forma invoice is paid to a new, or alternative, bank account.

There are lots of ways EBS can assist in securing your business by enforcing password policies, password changes and additional security measures like multi-factor authentication but, initially, we would recommend looking at and sharing the information below – our guide to creating a strong password and how to help prevent your account or business being compromised.

Create a strong password

Try using multiple random words or words not found in the dictionary, using upper and lower case letters, numbers and symbols.  Avoid using personal information like names and dates of birth. Many websites will provide an idea of how strong your password is; these are often seen as an annoyance, but they are there for your own protection. You can use password generator tools to create strong, complex passwords but, if using these, make sure you then securely store your passwords (not in the back of that notebook in the top drawer of your desk – you know who you are!). Password managers are often a good idea for this, but research these first and only use a well-known brand with good reviews.
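As an added illustration (not part of the original article or any EBS tool), here is a small Python strength check of the kind a sign-up page might run, combining the points above: a breached-password lookup, a personal-detail check and an exhaustive-search estimate based on length and character mix. The guess rate, the one-year threshold and the tiny breached list are assumptions constructed for this example.

```python
import string

# Assumption: illustrative offline guessing rate; real rates depend on how
# the password is stored and on the attacker's hardware.
GUESSES_PER_SECOND = 1e11
ONE_YEAR = 86400 * 365  # assumed cut-off between "weak" and "ok"

# Constructed sample; a real check would query a full leaked-password corpus.
BREACHED = {"password", "123456", "qwerty", "letmein", "welcome1"}

# Character classes counted towards the search alphabet. Characters outside
# these classes are ignored, so the estimate errs on the low side.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation, " "]


def charset_size(password):
    """Size of the alphabet an exhaustive search would have to cover."""
    return sum(len(c) for c in CLASSES if any(ch in c for ch in password))


def brute_force_seconds(password, rate=GUESSES_PER_SECOND):
    """Worst-case time to try every string of this length and alphabet."""
    return charset_size(password) ** len(password) / rate


def assess(password, personal_words=()):
    """Return (verdict, reason) for a candidate password."""
    lowered = password.lower()
    # A password already in a leaked list falls almost immediately,
    # whatever its length or character mix.
    if lowered in BREACHED:
        return "reject", "appears in a breached-password list"
    # Names of children, pets and similar details are easy to research.
    for word in personal_words:
        if len(word) >= 3 and word.lower() in lowered:
            return "reject", f"contains personal detail '{word}'"
    seconds = brute_force_seconds(password)
    if seconds < ONE_YEAR:
        return "weak", f"exhaustive search takes about {seconds:.3g} seconds"
    return "ok", f"exhaustive search takes about {seconds / ONE_YEAR:.3g} years"
```

Each extra character multiplies the search time by the alphabet size, which is why length helps more than swapping one letter for a symbol; the estimate covers exhaustive search only and does not model guessing of dictionary words.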

Use as many passwords as you can and create separate work and personal passwords

Try to use a different password for every login.  Also, try to have some separation between your work and personal life.  If your personal email or Facebook became compromised this might then impact the business that you work at – many of us list our place of work on social media etc.

Two Factor Authentication (2FA) or Multi Factor Authentication (MFA)

We are often asked “what is this MFA / 2FA?”.  This is a relatively new term, but many of us are already using this technology with our banks or Apple/Google accounts.  When you try to complete a transaction, you either receive an email or text message with a code to enter, or are asked to log into your bank to confirm it is you making a payment.  This technology is becoming a far more crucial method of securing your accounts.  We would recommend every business has this enabled on their Microsoft 365 accounts, meaning staff require either a token or the Microsoft app to gain access to an account.  If you are given the option for your personal accounts, it is advised to enable it.  But please do be aware of email codes – if a hacker gains access to your email, it is very easy for them to then gain access to your other accounts or simply ‘reset a password’.

Watch where you enter your password

Being aware of someone looking over your shoulder when entering your password or PIN is still an important practice; however, many people do not give a second thought to connecting to an unsecured wireless connection in a public area.  Entering a password (or accessing your account using a saved password) could allow someone to gain access to that password easily, or even your device.  You should always use a secure wireless connection when entering passwords, and if this is a shared/public network then further protection such as a VPN service or private mobile data connection should be used.  It is not recommended to use any public or shared device to access your accounts.

Here is a great graphic from Hive Systems that shows how long it could take for a hacker to compromise your password:

How long it takes to crack your password


Download our quick reference guide below:

Password security check infographic



Useful resources: