Security researchBy Torsten Schubert, Monswyk AG · Last updated: July 2026
An 8-character password with uppercase, lowercase, numbers and symbols feels strong. Against modern cracking hardware, it survives about 51 minutes.
Add four more characters — nothing else — and the same attack needs about 8,000 years.
We built Passwizard around this math. This page shows the actual numbers: how password length and character choice translate into cracking time, which assumptions those numbers depend on, and where the marketing claims you read elsewhere fall apart.
MethodologyThe strength of a random password is its entropy, measured in bits:
entropy = length × log₂(alphabet size)
A password using all four character classes draws from 94 characters (26 uppercase + 26 lowercase + 10 digits + 32 symbols), so each character adds log₂(94) ≈ 6.55 bits. An attacker must try, on average, half of all combinations:
time = (alphabet size ^ length) ÷ 2 ÷ guesses per second
Everything then depends on guesses per second — and that varies by a factor of ten billion depending on the attack:
|
| Online attack | ~100 | Attacker tries logins against the live service; rate limiting slows them down |
| Offline, slow hash (bcrypt) | ~100,000 | Attacker stole a database that uses a modern password hash |
| Offline, fast hash (NTLM/MD5) on a GPU rig | ~10¹² | Attacker stole a database with weak or legacy hashing — the realistic worst case |
The tables below use the worst case (10¹² guesses/second, consistent with published Hashcat benchmarks on current multi-GPU systems and the widely cited Hive Systems password table). If a number here differs from what you have read elsewhere, check the assumed hash and hardware — that is almost always the difference.
The numbersAverage time to crack, worst-case attacker (10¹² guesses per second):
|
| 8 characters | 52 bits | 51 minutes |
| 10 characters | 66 bits | 312 days |
| 12 characters | 79 bits | 8,000 years |
| 16 characters | 105 bits | 589 billion years |
| 20 characters | 131 bits | 4.6 × 10¹⁹ years |
| 32 characters | 210 bits | 2 × 10²² years |
For comparison: the universe is 1.4 × 10¹⁰ years old. This is why our generator defaults to 32 characters — not because 16 would be crackable, but because extra margin costs nothing when your password manager does the typing anyway.
Common misconceptionA common belief: symbols are what make passwords strong. The math says length matters far more.
|
| 8 characters, all classes (K9#mP2@v) | 52 bits | 51 minutes |
| 12 characters, lowercase only | 56 bits | 13 hours |
| 16 characters, lowercase only | 75 bits | 691 years |
| 20 characters, lowercase only | 94 bits | 316 million years |
Twenty lowercase letters beat eight “maximum complexity” characters by a factor of more than three billion. This matches NIST SP 800-63B, which recommends prioritizing length and dropping forced composition rules.
One critical caveat: this math only holds for random characters. “sunflowermeadow2024” is 19 characters but built from dictionary words — a wordlist attack finds it in minutes. Length only wins when the characters are random. That is exactly what a generator is for.
AlternativeFor the one password you must remember — your password manager's master password — a passphrase of randomly drawn words is the better tool:
|
| 4 words | 52 bits | 30 minutes |
| 5 words | 65 bits | 165 days |
| 6 words | 77 bits | 4,000 years |
| 7 words | 90 bits | 27 million years |
Six random words match twelve random characters (77 vs. 79 bits) — but “cactus-marble-thrift-onion-glow-verse” is memorable and typeable. Important: the words must come from a random draw — our passphrase mode does this locally in your browser — never from your own head. Human-chosen “random” words cluster heavily around a few thousand common ones.
Open the passphrase generator
Threat modelBrute force against a strong password is the attack that does not happen. Real compromises come from:
02
Phishing
No amount of entropy helps if you type the password into a fake site. This is what two-factor authentication is for.
How 2FA protects you
03
Human patterns
“Winter2026!” satisfies every complexity rule a website can throw at you — and falls to a rule-based wordlist attack instantly.
This is also why we removed “change your passwords every 90 days” from our recommendations: NIST guidance since 2017 says forced rotation produces predictable patterns (Winter2026! → Spring2027!) and advises changing passwords on evidence of compromise, not on a schedule.
Transparency- ◆Randomness comes from the Web Crypto API (crypto.getRandomValues()), the browser's cryptographically secure generator — not Math.random().
- ◆Generation runs entirely in your browser. Nothing is transmitted or stored — you can verify this in your browser's network tab.
- ◆We use rejection sampling to avoid modulo bias, so every character is exactly equally likely.
- ◆The entropy and crack-time figures shown live in the generator use the same formulas as this page.
Try the generator
Related toolsCombine these free tools for end-to-end protection. Everything runs locally or with strict privacy guarantees.
FAQIs a 12-character password still enough in 2026?▼
Against offline GPU attacks, a random 12-character password (79 bits) holds for about 8,000 years — sufficient for most accounts. For your master password and your email account we recommend more margin: 16+ characters or a 6-word passphrase, since these unlock everything else.
Do quantum computers change this?▼
Not meaningfully for password cracking in the foreseeable future. Grover's algorithm would theoretically halve the effective entropy bits, which is why 128+ bits (20+ random characters) is a comfortable long-term target — our 32-character default already exceeds it.
Why do other sites show different crack times?▼
Different assumptions: hash algorithm (bcrypt vs. NTLM changes results by a factor of ten million), hardware, and average vs. worst case. Our assumptions are stated in the methodology section above, so you can recalculate every number yourself.
References