How Long Does It Take to Crack a Password?

The chart, and the simple math behind it

The honest answer is: it depends almost entirely on two things — how long the password is and which characters it uses. Below is a reference chart assuming a fast offline attack (about 10 billion guesses per second, realistic for a modern GPU rig against leaked hashes).

Password crack-time chart

Length Lowercase only + Upper + Numbers All types + symbols
8instantminuteshours
10minutesdaysyears
12weekscenturiesmillions of years
16millenniabillions of yearseffectively forever

Estimates for a brute-force attack at ~10 billion guesses/second. Real-world times vary with hardware and hashing method.

Why length wins

Each character you add doesn't add to the difficulty — it multiplies it. A password drawn from 94 possible characters has 94 combinations at length 1, 94×94 at length 2, and so on. That's why going from 8 to 16 characters isn't twice as strong — it's astronomically stronger. Length is the single most powerful lever you have.

Why character variety matters too

Using only lowercase letters gives an attacker just 26 possibilities per character. Add uppercase (52), numbers (62), and symbols (~94) and each position becomes far harder to guess. Combine long and varied and you reach the "effectively forever" column.

Test your own password

Want to see where your password lands? Paste it into our password strength checker — it estimates the crack time instantly, entirely in your browser. Nothing is sent anywhere. If it comes back weak, our password generator will build you a strong one in a click.

🛡️ Check your password's crack time

Related guides