Passwords are the first line of defense for any computerized system. Many passwords sadly only require 4, 6, or 8 digits long. When trying to crack such passwords, how many possible combinations would a hacker have to go through?

**There are over 20 million combinations for a 4-digit password, over 100 billion for a 6-digit, and 500 billion for an 8-digit. A longer password that uses various character types, including character spaces, has more entropy. This means it is harder to guess.**

A password’s entropy depends on its length and the number of possible characters. These numbers seem high, but remember that cracking tools make attacks easily possible. Read on to maximize what goes into making your passwords strong.

**Why Your Short Password Makes You Vulnerable **

Guessing a password is different from guessing an English word. It is not a Markov process, where we can more accurately guess the next character based on the knowledge of previous characters.

To guess a password, we have to guess the spelling precisely right. There is no partially correct guess. It has an all-or-nothing nature.

So, yes, it is difficult to guess passwords, but hackers love the task.

For example, in 2020, a young teenage boy from Florida managed to pull off an impressive attack. Graham Clark hacked into the Twitter accounts of 3 of the world’s wealthiest men – Elon Musk, Jeff Bezos, and Joe Biden. You might expect these individuals to have teams using the most secure password practices, yet the hack was successful.

The quality of a password depends on how long it takes to find the right match. The longer it takes, the better the quality is. Thus, we can measure the quality of a password by its

- Length
- Character set

The longer and more types of characters used, the better.

**Warning**: Your password should not contain any dictionary words from any language. If you have trouble coming up with such a combination,** use a random password generator.**

A simple question, does your password have a good entropy? Is cracking it a task a hacker will complete in the next lifetime?

Let’s go over the different password combinations and how long it would take to crack each one.

**How Many Passwords Are Possible With 4 Digits?**

Most credit card companies require a numeric 4-digit pin.

According to findings from an extensive survey, 26.83% of users only use the top 20 of the most common 4-digits password combinations. Some of which include 1234, 1111, and 0000. **Stay away from these simplistic PINs.**

The table below shows how many possible passwords can be possible from a 4-character password.

4-CHARACTER PASSWORD | Numbers Only | Numbers and Letters | Numbers, Letters and Common Symbols |

Possible Combinations | 11,110 | 1,727,604 | 23,000,460 |

Time to Crack in an Online Attack Scenario | 11.11 seconds | 28.79 minutes | 6.39 hours |

Time to Crack Offline | 0.000000111 seconds | 0.0000173 seconds | 0.00023 seconds |

**How Many Passwords Are Possible With 6 Digits?**

Some social media companies like Instagram allow users to use weak passwords that are all but 6-characters long.

And needless to say that 123456 and “qwerty” are laughable passwords one shouldn’t use.

The table below shows how many passwords can be made from six digits.

6-DIGIT PASSWORD | Numbers Only | Numbers and Letters | Numbers, Letters and Common Symbols |

Possible Combinations | 1,111,110 | 2,238,976,116 | 109,505,194,890 |

Time to Crack in an Online Attack Scenario | 18.52 minutes | 3.70 weeks | 3.48 years |

Time to Crack Offline | 0.0000111 seconds | 0.0224 seconds | 1.10 seconds |

**How Many Passwords Are Possible With 8 Digits?**

According to researchers, an okay password is at least 8 characters long, with at least 3 special characters plus other alphanumeric characters.

But even in this more secure batch, common character passwords like “password” are not difficult to guess and therefore not safe to use.

The table below shows how many passwords can be made from just 8-digits.

8-CHARACTER PASSWORD | Numbers Only | Numbers and Letters | Numbers, Letters and Common Symbols |

Possible Combinations | 111,111,110 | 2,901,713,047,668 | 521,354,232,876,120 |

Time to Crack in an Online Attack Scenario | 1.29 days | 92.27 years | 1.66 hundred centuries |

Time to Crack Offline | 0.00111 seconds | 29.02 seconds | 1.45 hours |

We can do even better than just using an “Okay” password.

**How Many Passwords Are Possible With 10 Digits?**

Provided you use a combination of numbers, letters, and common symbols, a 10-character password is almost twice as secure as a 6-character password.

I found that the 17th most commonly used 10-digit password is the first ten digits in the value of Pi (without the decimal).

So, 3.141592654 is not a good password to use as well. The table below shows how many different passwords can be made from 10 digits.

10-CHARACTER PASSWORD | Numbers Only | Numbers and Letters | Numbers, Letters and Common Symbols |

Possible Combinations | 11,111,111,110 | 3,760,620,109,779,060 | 2,482,167,502,723,212,150 |

Time to Crack in an Online Attack Scenario | 4.24 months | 1.20 thousand centuries | 7.89 hundred thousand centuries |

Time to Crack Offline | 0.111 seconds | 10.45 hours | 9.47 months |

Ideally, your passwords should be no less than 10 characters. Check out the numbers when we move higher in password length.

**How Secure Is A 15-Character Password?**

The table below shows how many passwords can be made from 15 digits. Some of which a hacker would need a time machine to crack.

15-CHARACTER PASSWORD | Numbers Only | Numbers and Letters | Numbers, Letters and Common Symbols |

Possible Combinations | 1.11 quadrillion | 227.39 sextillion | 3.88 octillion |

Time to Crack in an Online Attack Scenario | 3.53 hundred centuries | 72.30 billion centuries | 1.23 thousand trillion centuries |

Time to Crack Offline | 3.09 hours | 7.23 hundred centuries | 12.34 million centuries |

Why does password strength really start to take off with length?

**Relationship Between Password Entropy and Length**

Entropy refers to the randomness in a password. The more random, the more difficult it is to guess.

The entropy of a password is directly related to the length of the password.

The longer the password and the more character types used, the more entropy and the stronger the password.

**The takeaway:**

Use a random password generator to produce a 10-character or longer string of many character types, then store the password in a password manager.