Password Crack Time Calculator

Password crack time depends on the password’s length, character set, and the attacker’s computing power. Modern GPU-based attacks can test billions of passwords per second.

Character set sizes:

• Numbers only (0–9): 10 characters
• Lowercase letters (a–z): 26 characters
• Lowercase + uppercase (a–z, A–Z): 52 characters
• Letters + numbers: 62 characters
• Letters + numbers + symbols: 95 characters

The formula: Total combinations = Character Set Size ^ Password Length Time to crack = Total Combinations / Guesses per Second

Attack speeds (2024):

• Online attack (rate-limited): 100–1,000 guesses/second
• Offline attack (single GPU): 10 billion guesses/second
• Offline attack (GPU cluster): 1 trillion guesses/second

Examples at 10 billion guesses/second:

• “password” (8 lowercase): 26^8 = 209 billion → 21 seconds
• “Password1” (9 mixed): 62^9 = 13.5 quadrillion → 15 days
• “P@ssw0rd!” (9 all types): 95^9 = 630 quadrillion → 2 years
• Random 12 mixed chars: 62^12 = 3.2 × 10^21 → 10,000 years
• Random 16 mixed chars: 62^16 = 4.8 × 10^28 → 150 billion years

Key insight: Length matters more than complexity. A 16-character lowercase password (26^16 = 4.4 × 10^22) is stronger than an 8-character password with all character types (95^8 = 6.6 × 10^15).

Best practices:

• Use a passphrase of 4+ random words (e.g., “correct horse battery staple”)
• Minimum 12 characters for any account
• Use a password manager to generate and store unique passwords
• Enable two-factor authentication (2FA) for critical accounts
• Never reuse passwords across sites

Note: This calculator assumes brute force attack. Dictionary attacks, credential stuffing, and social engineering can be much faster if the password is common or reused.