Why Your 8-Character Password is a Major Risk
Most of us pick passwords that are easy to remember. Unfortunately, that also makes them easy for a computer to guess. Here is a straightforward look at just how quickly a short password can be cracked - and what you can do about it right now.
The 21-Second Reality Check
Think about the password you use most often. There is a good chance it is eight characters long, maybe a name or a common word followed by a couple of numbers. That might feel safe enough, but modern computers can test billions of combinations every single second.
In 2026, a reasonably powerful computer running freely available cracking software can blow through an 8-character lowercase password in roughly 21 seconds. That is not a typo. Twenty-one seconds is all it takes to try every possible combination of eight lowercase letters.
How Fast Can Your Password Be Cracked?
The table below shows estimated crack times at a rate of 10 billion guesses per second. This is a realistic speed for a modern graphics card running password-cracking software. Have a look at the difference a few extra characters and some mixed character types can make.
The jump from 8 characters to 12 characters is enormous. Going from seconds or hours to thousands of years is all down to the maths behind how combinations multiply. You can see this for yourself using our brute-force calculator.
| Password Type | Length | Crack Time |
|---|---|---|
| Lowercase only | 8 | ~21 seconds |
| Letters + digits | 8 | ~7 hours |
| All character types | 8 | ~6.5 hours |
| All character types | 10 | ~190 years |
| All character types | 12 | ~2,000 years |
| All character types | 14 | ~15 billion years |
How to Fix It Today
The good news is that you do not need to be a technology expert to dramatically improve your password security. Here are three steps you can take straight away.
metal-lemon-49-blanket is far stronger than a short, jumbled password like P@ssw0rd1!. Each extra character makes cracking exponentially harder. Aim for at least 14 characters. A passphrase of four random words separated by hyphens or numbers is both strong and easy to remember. Learn more about what makes a good password.
Spring2026! followed by Summer2026!. Pick a strong password once and keep it until there is a genuine reason to change. Read our password strength tips for more detail.
It comes down to convenience. Typing a short password is quick, and remembering a long random string is hard. The solution is a password manager. It remembers your passwords for you, generates strong ones automatically, and fills them in with a single click. You only need to memorise one master password.
What If I Already Use an 8-Character Password?
If you are reading this and realising your passwords are on the short side, do not panic. Start with the accounts that matter most - your email, your bank, and any account that stores payment details. Update those passwords first, making them at least 14 characters long. Then work your way through the rest over the coming days.
A password manager makes this process far less painful. It can generate a unique, strong password for every site and remember them all for you. Many are free or cost less than a pound a month.
Want to see exactly how your current password stacks up? Test your password strength with our free checker. Everything stays in your browser - we never see or store what you type.
Is Your Password Strong Enough?
Find out in seconds. Our password checker is 100% private - nothing ever leaves your browser.
Test Password Strength