Check your password vulnerability to a brute force attack

Anyone reading Bitterwallet probably knows not to use "password" as a password, but many of us still sacrifice security for memorability. There are several ways to break passwords depending on the use and situation, but one attack that can be done whether it's a laptop login or an email account is a brute force attack. All that means is going through every single alphanumeric combination possible. The more digits, capitals and symbols you use in a password, the more difficult it is to brute force.

This site by Hackosis will calculate how long it would take to crack your password by brute force. Here are a few examples:

8 lower case letters: 0.76 hours
6 lower case letters and 2 numbers: 0.11 hours
8 lower case letters and 2 numbers: 75.97 hours
8 lower case letters and 2 numbers and 1 special character: 2,431.07 hours

It's interesting to note that having 8 lower case letters is more secure against a brute force attack than 6 lower case letters and 2 numbers. Obviously this is because a digit has fewer possibilities than a letter, but many sites today require a password to contain at least one or two numbers, which may actually increase vulnerability, as people don't tend to extend their password length (it would reduce exposure to dictionary attacks, though).
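
The figures listed above are consistent with counting each character class at a fixed position and dividing by a constant guess rate. The following is an added example, not code from Bitterwallet or from the Hackosis calculator: it counts the keyspace for 6 lower case letters plus 2 digits under that fixed-layout model and under two models where the layout is unknown. The guess rate is an assumption, back-calculated from the 75.97-hour figure.

```python
from math import comb

LOWER, DIGIT = 26, 10
# Calibration (assumption): the page's "8 lower + 2 numbers: 75.97 hours"
# is treated as 26^8 * 10^2 guesses made at a constant rate.
GUESSES_PER_HOUR = (LOWER**8 * DIGIT**2) / 75.97

def fixed_layout(classes):
    """Keyspace when each character class sits at known positions.
    classes: list of (alphabet_size, count) pairs."""
    total = 1
    for size, count in classes:
        total *= size ** count
    return total

def any_position(classes):
    """Keyspace when the per-class counts are known but positions are not:
    fixed-layout keyspace times the number of ways to place each class."""
    total = fixed_layout(classes)
    slots = sum(count for _, count in classes)
    for _, count in classes:
        total *= comb(slots, count)
        slots -= count
    return total

def full_alphabet(classes):
    """Keyspace when only the length and the allowed classes are known."""
    length = sum(count for _, count in classes)
    return sum(size for size, _ in classes) ** length

def hours(keyspace):
    """Worst-case hours to exhaust a keyspace at the calibrated rate."""
    return keyspace / GUESSES_PER_HOUR

if __name__ == "__main__":
    eight_lower = [(LOWER, 8)]
    six_plus_two = [(LOWER, 6), (DIGIT, 2)]
    print(f"8 lower, fixed layout: {hours(fixed_layout(eight_lower)):.2f} h")
    for name, model in [("fixed layout", fixed_layout),
                        ("any position", any_position),
                        ("full alphabet", full_alphabet)]:
        print(f"6 lower + 2 digits, {name}: {hours(model(six_plus_two)):.2f} h")
```

Only the fixed-layout model puts the 6+2 password below 8 lower case letters; once the digit positions are unknown, the search space is larger than 26^8.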



  • Paul
    There is a fundamental flaw with their calculation on the website. It would not take a shorter time to crack 6 letters and 2 numbers compared to 8 letters; in fact it's about 10 times longer. The script on the website does not take into consideration that the numbers can appear anywhere within your password; it is making the assumption that they are at the end, when in reality a brute force attack wouldn't know.
    It was and with me. Let's discuss this question. Here or in PM.
