What is the minimum length for a secure password?
The more characters in your password, the more difficult it is to crack. That’s why most online services now require passwords with at least eight distinctive characters (numbers, letters, special characters, etc). However, it’s even better to add a few more.
Cybersecurity specialist Hive Systems recently published a chart showing how long it takes to crack a password, depending on its number of characters and specific features. The chart indicates that eight-character passwords are only really effective if all kinds of different symbols are used. While it would take a hacker nine seconds to crack a four-character password containing numbers, upper and lower case letters, it would take seven years if it contained eight.
The biggest risk comes from using only numbers or letters. Here, even if you increase the number of characters, the risk of having your password hacked remains very high. For example, it will only take an hour for a hacker to find a 10-character password made up entirely of numbers. By increasing the number of characters to 14, it could take them up to a year.
Article continues after this advertisementIn any case, as soon as you combine numbers, letters and symbols, you’re making the “work” of pirates considerably harder. In such a scenario, mixing 10 very distinct characters comprising numbers, upper and lower case letters and various symbols is quite safe, since it could then take hackers up to 33,000 years to figure out such a code!
In addition to choosing a complex password, you should opt for double authentication whenever possible, ie, go through an additional validation stage, often by text message, email message or via a special app, to be able to access your account.
That said, the subject of how to choose the best password could soon become obsolete, with the increasing use of passkeys. These digital access keys are in fact stored directly on the device and activated after the user has verified their identity through a PIN code, facial recognition or fingerprint authentication. As these keys are not stored online, they are far more complicated to hack.