How Long Does It Take to Crack a Password?

When security researchers and engineers talk about password strength, they almost always express it as entropy — the number of bits of randomness in a password. Entropy is a direct measure of how many guesses an attacker must make, on average, to find the correct value. Understanding it explains why some password rules matter enormously and others barely move the needle.

What Is Password Entropy?

Entropy is calculated as:

H = L × log2(N)

where L is the password length in characters and N is the size of the character set. For a password drawn from all 95 printable ASCII characters (uppercase, lowercase, digits, symbols), each character contributes log2(95) ≈ 6.57 bits. A 16-character password therefore has approximately 105 bits of entropy.

Why bits? Because each bit doubles the search space. 105 bits means the attacker faces 2^105 ≈ 4 × 10^31 possible passwords. Even the most powerful GPU clusters in the world cannot search that space in any meaningful timeframe — measured in billions of years rather than seconds.

The 10 Billion Guesses Per Second Assumption

Crack-time estimates depend critically on the hardware available and the hashing algorithm used to store the password. The 10 billion (10^10) guesses per second baseline used in the table below represents an offline attack against a fast hash like MD5 or NTLM using consumer-grade GPUs — a realistic and commonly used benchmark in academic and industry analysis.

In practice, well-configured systems use memory-hard algorithms like bcrypt, scrypt, or Argon2id, which reduce the achievable rate to thousands or tens of thousands of guesses per second. However, using a conservative (attacker-friendly) assumption highlights which lengths are safe even in the worst case.

Time to crack a random password (2026)

Estimated average time to brute-force a truly random password, by length (rows) and character set (columns), assuming 10 billion guesses per second against a fast hash.

| Length   | Numbers (0-9, 10) | Lowercase (a-z, 26) | Upper + lower (A-z, 52) | Letters + digits (+0-9, 62) | All + symbols (+!@#, 94) |
|----------|-------------------|---------------------|-------------------------|-----------------------------|--------------------------|
| 6 chars  | Instant           | Instant             | Instant                 | 3 sec                       | 27 sec                   |
| 8 chars  | Instant           | 14 sec              | 59 min                  | 4 hr                        | 3 days                   |
| 10 chars | Instant           | 2 hr                | 3 mo                    | 2 yrs                       | 117 yrs                  |
| 12 chars | 55 sec            | 1 mo                | 468 yrs                 | 4k yrs                      | 958k yrs                 |
| 14 chars | 2 hr              | 117 yrs             | 2M yrs                  | 15M yrs                     | 8B yrs                   |
| 16 chars | 5 days            | 60k yrs             | 4B yrs                  | 63B yrs                     | Eons                     |
| 18 chars | 2 yrs             | 61M yrs             | Eons                    | Eons                        | Eons                     |
| 20 chars | 117 yrs           | 31B yrs             | Eons                    | Eons                        | Eons                     |

Assumes an offline attacker testing 10 billion guesses/second against a fast, unsalted hash (e.g. MD5 or NTLM) — a deliberately conservative benchmark. Memory-hard hashes like bcrypt, scrypt, or Argon2id reduce that rate to thousands per second, making every figure far longer. Times are averages (half the keyspace) and assume a truly random password — human patterns crack far faster. Updated June 2026.
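The model behind the table, as an added example that is not the article's own code: entropy from H = L × log2(N), average guesses as half the keyspace, and a guess-rate parameter so the same function also yields the bcrypt-class figures the note above refers to. The "Eons" cutoff, the rounding and the k/M/B suffix rules are this example's choices.

```javascript
// Added example, not the article's code: the crack-time model behind the table.
// Average guesses = N^L / 2; time = guesses / rate (default 10 billion/s, the
// article's fast-hash benchmark; pass ~1e4 for a bcrypt-class hash).

// Character-set sizes matching the table's columns.
const CHARSETS = {
  digits: 10,        // 0-9
  lowercase: 26,     // a-z
  mixedCase: 52,     // A-Z a-z
  alphanumeric: 62,  // A-Z a-z 0-9
  printable: 94,     // letters, digits and symbols
};

// H = L * log2(N): bits of entropy in a uniformly random password.
function entropyBits(length, setSize) {
  return length * Math.log2(setSize);
}

// Average time to hit the password: half the keyspace divided by the guess rate.
function averageCrackSeconds(length, setSize, guessesPerSecond = 1e10) {
  return (setSize ** length) / 2 / guessesPerSecond;
}

// Two significant figures with k/M/B suffixes, as in the table.
function compact(x) {
  const [div, suffix] = x >= 1e9 ? [1e9, 'B'] : x >= 1e6 ? [1e6, 'M'] : x >= 1e3 ? [1e3, 'k'] : [1, ''];
  return `${Number((x / div).toPrecision(2))}${suffix}`;
}

// Duration in the table's style. Under one second is "Instant"; the "Eons"
// cutoff (one trillion years) is this example's choice, not the article's.
function formatDuration(seconds) {
  if (seconds < 1) return 'Instant';
  const units = [['sec', 1], ['min', 60], ['hr', 3600], ['days', 86400],
                 ['mo', 30 * 86400], ['yrs', 365.25 * 86400]];
  if (seconds / units[5][1] >= 1e12) return 'Eons';
  let [name, size] = units[0];
  for (const [n, s] of units) if (seconds >= s) [name, size] = [n, s];
  return `${compact(seconds / size)} ${name}`;
}

// One table row: the given length against every character set.
function crackTimeRow(length, guessesPerSecond = 1e10) {
  const row = { length };
  for (const [name, size] of Object.entries(CHARSETS)) {
    row[name] = formatDuration(averageCrackSeconds(length, size, guessesPerSecond));
  }
  return row;
}
```

Calling crackTimeRow(8) and crackTimeRow(8, 1e4) side by side shows the same 8-character alphanumeric password moving from hours at the fast-hash rate to centuries at a bcrypt-class rate.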

Online Attacks vs Offline Attacks

The table above models an offline attack — the attacker has obtained a copy of the hashed password database and can test guesses locally at maximum speed without any rate limiting. This happens after a data breach where the password store is exfiltrated.

An online attack targets a live login form. The attacker must send each guess over the network and wait for a response. Modern websites implement rate limiting, CAPTCHA, and account lockout after a small number of failed attempts (typically 5–10). This means online attacks are effectively capped at hundreds or thousands of guesses — making even a moderately long password extremely difficult to crack through a login form directly.

The distinction matters because it defines when password length is critical: the offline scenario (post-breach) is the one that truly stress-tests your password. If your password hash is ever leaked, you want enough entropy that the attacker cannot crack it before you change it — which is why 80+ bits is the widely accepted floor for high-security credentials, and 100+ bits is preferred.

Character Set Size Matters — But Not As Much As Length

Adding one character type (say, symbols) to a password drawn from lowercase letters expands the character set from 26 to roughly 58, adding about 1.15 bits per character. Adding one more character to the length of an all-lowercase password adds log2(26) ≈ 4.7 bits immediately. For passwords of 12 characters or more, increasing length almost always beats expanding the character set.

That said, using all available character types (upper, lower, digits, symbols) is still worthwhile because it raises the cost of dictionary and rule-based attacks that start from real words and apply predictable transformations. The combination of full character set and sufficient length produces the highest practical security.

To generate a password that maximizes entropy across all character types, try the 16-character password generator — it uses crypto.getRandomValues() to ensure true randomness across the full printable ASCII set.

Why Patterns Destroy Entropy

The entropy calculation above assumes the password is drawn uniformly at random. If a human chooses a password, that assumption breaks down immediately. Words, names, dates, keyboard walks ("qwerty", "1234"), and even "random-looking" substitutions ("3" for "E", "@" for "a") are all covered by rule-based attack modes in tools like Hashcat. A password like "P@ssw0rd1!" technically uses uppercase, lowercase, digits, and symbols — but its effective entropy is far below what the formula predicts, because it follows a pattern that appears in every serious wordlist.
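One way to make this concrete, as an added example that is not the article's code: a password-policy check that reverses the substitutions described above and strips the usual trailing digits and symbols before looking the result up in a wordlist, then reports that next to what the formula would have predicted. The substitution map and the five-word wordlist are constructed for this example.

```javascript
// Added example, not from the article: a policy check that reverses the common
// substitutions the article lists and strips the usual "1!"-style suffix before
// consulting a wordlist, so "P@ssw0rd1!" is judged by its base word.

// Constructed wordlist for the example; a real check loads a large one.
const WORDLIST = new Set(['password', 'qwerty', 'letmein', 'welcome', 'dragon']);

// Substitutions to reverse (an assumed, deliberately small map).
const UNLEET = { '@': 'a', '4': 'a', '3': 'e', '1': 'i', '0': 'o', '$': 's', '5': 's', '7': 't' };

const unleet = (s) => s.split('').map((c) => UNLEET[c] ?? c).join('');

// Forms a rule-based attack would try: as typed, with leading/trailing digits and
// symbols removed (leading ones that may stand for letters, like "@" or "0", are
// kept), and each of those with the substitutions reversed.
function candidates(password) {
  const lower = password.toLowerCase();
  const trimmed = lower.replace(/^[^a-z@$0-9]+/, '').replace(/[^a-z]+$/, '');
  return new Set([lower, trimmed, unleet(lower), unleet(trimmed)]);
}

// The article's formula applied naively: N = sum of the character classes present.
function formulaEntropyBits(password) {
  let n = 0;
  if (/[a-z]/.test(password)) n += 26;
  if (/[A-Z]/.test(password)) n += 26;
  if (/[0-9]/.test(password)) n += 10;
  if (/[^A-Za-z0-9]/.test(password)) n += 32; // 26+26+10+32 = 94, the table's set
  return n ? password.length * Math.log2(n) : 0;
}

// Returns the formula's estimate next to the base word a wordlist would catch.
// A hit means guesses are bounded by wordlist size times rule count, not N^L.
function assess(password) {
  const hit = [...candidates(password)].find((c) => WORDLIST.has(c)) ?? null;
  return { formulaBits: formulaEntropyBits(password), baseWord: hit, acceptable: hit === null };
}
```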

True randomness from a CSPRNG eliminates this gap: the estimated entropy is the actual entropy. This is why using a password generator matters beyond just convenience — it guarantees you get the security the numbers promise.


Written & reviewed by Andrew Ivanov, Fractional CTO.