How Long Does It Take to Crack a Password?
When security researchers and engineers talk about password strength, they almost always express it as entropy — the number of bits of randomness in a password. Entropy is a direct measure of how many guesses an attacker must make, on average, to find the correct value. Understanding it explains why some password rules matter enormously and others barely move the needle.
What Is Password Entropy?
Entropy is calculated as:
H = L × log2(N)
where L is the password length in characters and N is the size of the character set. For a password drawn from all 95 printable ASCII characters (uppercase, lowercase, digits, symbols), each character contributes log2(95) ≈ 6.57 bits. A 16-character password therefore has approximately 105 bits of entropy.
Why bits? Because each bit doubles the search space. 105 bits means the attacker faces 2^105 ≈ 4 × 10^31 possible passwords. Even the most powerful GPU clusters in the world cannot search that space in any meaningful timeframe — measured in billions of years rather than seconds.
The 10 Billion Guesses Per Second Assumption
Crack-time estimates depend critically on the hardware available and the hashing algorithm used to store the password. The 10 billion (10^10) guesses per second baseline used in the table below represents an offline attack against a fast hash like MD5 or NTLM using consumer-grade GPUs — a realistic and commonly used benchmark in academic and industry analysis.
In practice, well-configured systems use memory-hard algorithms like bcrypt, scrypt, or Argon2id, which reduce the achievable rate to thousands or tens of thousands of guesses per second. However, using a conservative (attacker-friendly) assumption highlights which lengths are safe even in the worst case.
Time to crack a random password (2026)
Estimated average time to brute-force a truly random password, by length and character set.
| Length | Numbers (0-9 · 10) | Lowercase (a-z · 26) | Upper + lower (A-z · 52) | Letters + digits (+0-9 · 62) | All + symbols (+!@# · 94) |
|---|---|---|---|---|---|
| 6 chars | Instant | Instant | Instant | 3 sec | 27 sec |
| 8 chars | Instant | 14 sec | 59 min | 4 hr | 3 days |
| 10 chars | Instant | 2 hr | 3 mo | 2 yrs | 117 yrs |
| 12 chars | 55 sec | 1 mo | 468 yrs | 4k yrs | 958k yrs |
| 14 chars | 2 hr | 117 yrs | 2M yrs | 15M yrs | 8B yrs |
| 16 chars | 5 days | 60k yrs | 4B yrs | 63B yrs | Eons |
| 18 chars | 2 yrs | 61M yrs | Eons | Eons | Eons |
| 20 chars | 117 yrs | 31B yrs | Eons | Eons | Eons |
Assumes an offline attacker testing 10 billion guesses/second against a fast, unsalted hash (e.g. MD5 or NTLM) — a deliberately conservative benchmark. Memory-hard hashes like bcrypt, scrypt, or Argon2id reduce that rate to thousands per second, making every figure far longer. Times are averages (half the keyspace) and assume a truly random password — human patterns crack far faster. Updated June 2026.
Online Attacks vs Offline Attacks
The table above models an offline attack — the attacker has obtained a copy of the hashed password database and can test guesses locally at maximum speed without any rate limiting. This happens after a data breach where the password store is exfiltrated.
An online attack targets a live login form. The attacker must send each guess over the network and wait for a response. Modern websites implement rate limiting, CAPTCHA, and account lockout after a small number of failed attempts (typically 5–10). This means online attacks are effectively capped at hundreds or thousands of guesses — making even a moderately long password extremely difficult to crack through a login form directly.
The distinction matters because it defines when password length is critical: the offline scenario (post-breach) is the one that truly stress-tests your password. If your password hash is ever leaked, you want enough entropy that the attacker cannot crack it before you change it — which is why 80+ bits is the widely accepted floor for high-security credentials, and 100+ bits is preferred.
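As an added example (not part of the original article), the arithmetic behind the table and the 80/100-bit floor: entropy, average crack time under the two guess-rate assumptions stated above, and the table's duration units. The 1e4 guesses/s figure for memory-hard hashes is the order of magnitude the text gives, not a measurement.

```python
import math

# Guess rates assumed on this page: consumer GPUs against a fast unsalted hash
# (MD5/NTLM), and the "thousands to tens of thousands" it cites for bcrypt/Argon2id.
FAST_HASH_RATE = 1e10
MEMORY_HARD_RATE = 1e4

def entropy_bits(length, charset_size):
    """H = L * log2(N) for a password drawn uniformly from N symbols."""
    return length * math.log2(charset_size)

def average_crack_seconds(length, charset_size, rate):
    """Average brute-force time: half the keyspace (N**L / 2) divided by the guess rate."""
    return (charset_size ** length / 2) / rate

def seconds_for_bits(bits, rate):
    """The same model written in entropy bits: on average 2**(bits-1) guesses."""
    return 2 ** (bits - 1) / rate

def human_duration(seconds):
    """Render a duration in the table's units; past 1e12 years it is 'Eons'."""
    value = seconds
    for unit, next_factor in (("sec", 60), ("min", 60), ("hr", 24), ("days", 30.44), ("mo", 12)):
        if value < next_factor:
            return f"{value:.0f} {unit}"
        value /= next_factor
    years = value
    if years >= 1e12:
        return "Eons"
    for suffix, scale in (("B", 1e9), ("M", 1e6), ("k", 1e3)):
        if years >= scale:
            return f"{years / scale:.0f}{suffix} yrs"
    return f"{years:.0f} yrs"

def crack_time_report(length, charset_size):
    """Entropy plus average crack time under both guess-rate assumptions."""
    return {
        "bits": round(entropy_bits(length, charset_size), 1),
        "fast_hash": human_duration(average_crack_seconds(length, charset_size, FAST_HASH_RATE)),
        "memory_hard": human_duration(average_crack_seconds(length, charset_size, MEMORY_HARD_RATE)),
    }

if __name__ == "__main__":
    for length in (8, 12, 16):
        print(f"{length} chars from 94 symbols:", crack_time_report(length, 94))
    for bits in (80, 100):
        print(f"{bits} bits vs fast hash:", human_duration(seconds_for_bits(bits, FAST_HASH_RATE)))
```

Swapping the rate constant is the whole difference between the two hash families: the same 8-character, 94-symbol password that falls in days against MD5 takes about ten thousand years at the memory-hard rate.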
Character Set Size Matters — But Not As Much As Length
Adding one character type (say, symbols) to a password drawn from lowercase letters expands the character set from 26 to roughly 58, adding about 1.15 bits per character. Adding one more character to the length of an all-lowercase password adds log2(26) ≈ 4.7 bits immediately. For passwords of 12 characters or more, increasing length almost always beats expanding the character set.
That said, using all available character types (upper, lower, digits, symbols) is still worthwhile because it raises the cost of dictionary and rule-based attacks that start from real words and apply predictable transformations. The combination of full character set and sufficient length produces the highest practical security.
To generate a password that maximizes entropy across all character types, try the 16-character password generator — it uses crypto.getRandomValues() to ensure true randomness across the full printable ASCII set.
Why Patterns Destroy Entropy
The entropy calculation above assumes the password is drawn uniformly at random. If a human chooses a password, that assumption breaks down immediately. Words, names, dates, keyboard walks ("qwerty", "1234"), and even "random-looking" substitutions ("3" for "E", "@" for "a") are all covered by rule-based attack modes in tools like Hashcat. A password like "P@ssw0rd1!" technically uses uppercase, lowercase, digits, and symbols — but its effective entropy is far below what the formula predicts, because it follows a pattern that appears in every serious wordlist.
True randomness from a CSPRNG eliminates this gap: the estimated entropy is the actual entropy. This is why using a password generator matters beyond just convenience — it guarantees you get the security the numbers promise.
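The generator idea in Python rather than browser JavaScript, as an added example that is not the article's own tool: it sizes the password for a target entropy (100 bits over 95 printable characters works out to 16 characters) and draws every position from the OS CSPRNG, so the L × log2(N) estimate is the real entropy.

```python
import math
import secrets
import string

# The 95 printable ASCII characters: letters, digits, punctuation and space.
# Drop the trailing space for systems that reject it; that leaves the table's 94.
PRINTABLE = string.ascii_letters + string.digits + string.punctuation + " "

def length_for_bits(min_bits, charset_size):
    """Smallest L such that L * log2(N) >= min_bits."""
    return math.ceil(min_bits / math.log2(charset_size))

def generate_password(min_bits=100, alphabet=PRINTABLE):
    """Uniformly random password meeting a minimum entropy target.

    secrets.choice uses rejection sampling over the OS CSPRNG, so there is no
    modulo bias: every position carries a full log2(N) bits and no pattern
    exists for a rule-based attack to exploit.
    Returns (password, entropy_bits).
    """
    length = length_for_bits(min_bits, len(alphabet))
    password = "".join(secrets.choice(alphabet) for _ in range(length))
    return password, length * math.log2(len(alphabet))

if __name__ == "__main__":
    pw, bits = generate_password(100)
    print(f"{pw!r}: {len(pw)} chars, {bits:.1f} bits")
```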