Passwords under seven characters can be cracked within a matter of hours, according to Hive Systems’ annual audit of hackers’ ability to crack passwords.

The good news is that due to the widespread use of stronger password hashing algorithms to protect data, the time it takes hackers to crack passwords has increased.

“Looking at the data and the increase in time it takes hackers to crack passwords, it could be easy to assume that the cybersecurity industry has made great strides in protecting our data,” said Alex Nette, CEO and co-founder of Hive Systems. “Unfortunately, every time we make it harder for hackers, they find new ways around even the strongest protections. The increased times shown in our 2024 Password Table are promising, but we’re likely to see these times come down again in the near future as computing power increases.”

Last year, research from the Richmond, Va., cybersecurity company found that some 11-character passwords could be cracked instantaneously.

This year’s findings revealed the effectiveness of newer industry-standard password hashing algorithms – like bcrypt – for hashing the passwords stored in databases. As a result, that same 11-character password now takes longer to crack.

Though stronger algorithms have made it more challenging to crack passwords, it’s highly unlikely to stay that way, the cybersecurity company said.

“The nice thing about bcrypt is that as computers get faster you just increase the work factor to crack passwords,” said Corey Neskey, VP of Quantitative Risk at Hive Systems. “However, at a certain point, the algorithm becomes frustratingly unusable for web applications and websites, and so compromises have to be made – creating opportunities for hackers.”

The most effective data protection includes multi-factor authentication and a password manager with random, complex passphrases.

Multi-factor authentication – a generally free cybersecurity tool that requires a multi-step process to log in to online accounts – ensures that any login is approved by the owner of the account, Hive Systems said.

Because of publicly available artificial intelligence tools, a second step requiring the personal action of a user to confirm their identity is the best way to keep account information safe, the company recommended.

The use of a password manager for creating and storing passwords also significantly increases the safety and security of passwords, it added. A caveat is that the passwords will continue to become less and less secure as hacking techniques become more sophisticated.