How Many Passwords Are Possible With 4, 6, 8, Or More Digits?


Passwords are the first line of defense for any computerized system. Many passwords sadly only require 4, 6, or 8 digits long. When trying to crack such passwords, how many possible combinations would a hacker have to go through? 

There are over 20 million combinations for a 4-digit password, over 100 billion for a 6-digit, and 500 billion for an 8-digit. A longer password that uses various character types, including character spaces, has more entropy. This means it is harder to guess.

A password’s entropy depends on its length and the number of possible characters. These numbers seem high, but remember that cracking tools make attacks easily possible. Read on to maximize what goes into making your passwords strong.

Person in hoodie and anonymous mask with a keyboard and numbers floating around to hack a password.

Why Your Short Password Makes You Vulnerable

Guessing a password is different from guessing an English word. It is not a Markov process, where we can more accurately guess the next character based on the knowledge of previous characters.

To guess a password, we have to guess the spelling precisely right. There is no partially correct guess. It has an all-or-nothing nature.

So, yes, it is difficult to guess passwords, but hackers love the task.

For example, in 2020, a young teenage boy from Florida managed to pull off an impressive attack. Graham Clark hacked into the Twitter accounts of 3 of the world’s wealthiest men – Elon Musk, Jeff Bezos, and Joe Biden. You might expect these individuals to have teams using the most secure password practices, yet the hack was successful. 

The quality of a password depends on how long it takes to find the right match. The longer it takes, the better the quality is. Thus, we can measure the quality of a password by its

  • Length
  • Character set  

The longer and more types of characters used, the better. 

Warning: Your password should not contain any dictionary words from any language. If you have trouble coming up with such a combination, use a random password generator.

A simple question, does your password have a good entropy? Is cracking it a task a hacker will complete in the next lifetime?

Let’s go over the different password combinations and how long it would take to crack each one.

How Many Passwords Are Possible With 4 Digits?

Most credit card companies require a numeric 4-digit pin.

According to findings from an extensive survey, 26.83% of users only use the top 20 of the most common 4-digits password combinations. Some of which include 1234, 1111, and 0000. Stay away from these simplistic PINs.

The table below shows how many possible passwords can be possible from a 4-character password. 

4-CHARACTER PASSWORDNumbers Only Numbers and LettersNumbers, Letters and Common Symbols
Possible Combinations11,1101,727,60423,000,460
Time to Crack in an Online Attack Scenario11.11 seconds28.79 minutes6.39 hours
Time to Crack Offline0.000000111 seconds0.0000173 seconds0.00023 seconds

How Many Passwords Are Possible With 6 Digits?

Some social media companies like Instagram allow users to use weak passwords that are all but 6-characters long.

And needless to say that 123456 and “qwerty” are laughable passwords one shouldn’t use.

The table below shows how many passwords can be made from six digits.

6-DIGIT PASSWORDNumbers Only Numbers and LettersNumbers, Letters and Common Symbols
Possible Combinations1,111,110 2,238,976,116109,505,194,890
Time to Crack in an Online Attack Scenario18.52 minutes3.70 weeks3.48 years
Time to Crack Offline0.0000111 seconds0.0224 seconds1.10 seconds

How Many Passwords Are Possible With 8 Digits?

According to researchers, an okay password is at least 8 characters long, with at least 3 special characters plus other alphanumeric characters. 

But even in this more secure batch, common character passwords like “password” are not difficult to guess and therefore not safe to use.

The table below shows how many passwords can be made from just 8-digits.

8-CHARACTER PASSWORDNumbers Only Numbers and LettersNumbers, Letters and Common Symbols
Possible Combinations111,111,1102,901,713,047,668521,354,232,876,120
Time to Crack in an Online Attack Scenario1.29 days92.27 years1.66 hundred centuries
Time to Crack Offline0.00111 seconds29.02 seconds1.45 hours

We can do even better than just using an “Okay” password.

How Many Passwords Are Possible With 10 Digits?

Provided you use a combination of numbers, letters, and common symbols, a 10-character password is almost twice as secure as a 6-character password.

I found that the 17th most commonly used 10-digit password is the first ten digits in the value of Pi (without the decimal).

So, 3.141592654 is not a good password to use as well. The table below shows how many different passwords can be made from 10 digits.

10-CHARACTER PASSWORDNumbers Only Numbers and LettersNumbers, Letters and Common Symbols
Possible Combinations11,111,111,1103,760,620,109,779,0602,482,167,502,723,212,150
Time to Crack in an Online Attack Scenario4.24 months1.20 thousand centuries7.89 hundred thousand centuries
Time to Crack Offline0.111 seconds10.45 hours9.47 months

Ideally, your passwords should be no less than 10 characters. Check out the numbers when we move higher in password length.

How Secure Is A 15-Character Password?

The table below shows how many passwords can be made from 15 digits. Some of which a hacker would need a time machine to crack.

15-CHARACTER PASSWORDNumbers Only Numbers and LettersNumbers, Letters and Common Symbols
Possible Combinations1.11 quadrillion227.39 sextillion 3.88 octillion
Time to Crack in an Online Attack Scenario3.53 hundred centuries72.30 billion centuries1.23 thousand trillion centuries
Time to Crack Offline3.09 hours7.23 hundred centuries12.34 million centuries

Why does password strength really start to take off with length? 

Relationship Between Password Entropy and Length

Entropy refers to the randomness in a password. The more random, the more difficult it is to guess.

How many passwords are possible with 4, 6, 8, or more digits?

The entropy of a password is directly related to the length of the password.

The longer the password and the more character types used, the more entropy and the stronger the password.

The takeaway:

Use a random password generator to produce a 10-character or longer string of many character types, then store the password in a password manager.

Mike Chu

Mike is a web developer and content writer living as a digital nomad. With more than 20 years of devops experience, he brings his "programmer with people skills" approach to help explain technology to the average user. Check out his full author bio by clicking here.

Recent Posts