Passwords up to 2025 characters long can be cracked in seconds in 10 — Hive Systems report

Analysts from Hive Systems Publishes Up-to-Date Table of Password Cracking Times in 2025, given modern computing power. According to the report, most passwords are under 10 characters long you can pick it up in just seconds, even if they contain capital letters, numbers and symbols.

The modeling was performed using 12x RTX 5090 graphics card system, which works with password hashing via bcrypt (cost factor 10). The table shows how much influence the length and complexity of a password on its resistance to brute force attacks. For example, an 8-character password with symbols is cracked in 164 years, and the 10-character one already requires 803 years.

If you use only numbers or lowercase letters, even 11- or 12-character passwords are still considered vulnerable. Only starting with 13 characters and including all types of characters (uppercase, lowercase, numbers, signs), the hacking time goes into the range from thousands to millions of yearsPasswords with a length of 18 characters and with all possible characters are theoretically impossible to brute force in the foreseeable future - up to 4639 trillion years.

Experts emphasize that modern brute force algorithms use not only power GPUbut optimized dictionaries, template attacks and database leaks, which makes short passwords especially dangerous. The main recommendation is use password managers and avoid repetitionsand select unique phrases from 14 characters with symbols and different cases.