Executive Summary
Password security in 2026 exists in a paradox. Computing power for password cracking has reached unprecedented levels — modern GPU clusters can test 10 billion password hashes per second against weak algorithms like MD5. At the same time, password manager adoption has grown from 12% in 2018 to 54% in 2026, and passkey adoption is accelerating across major platforms. The threat landscape is changing, but so are the defenses.
This analysis synthesizes crack time data, entropy calculations, breach statistics, and authentication trends to provide a clear picture of where password security stands today. The findings are both alarming and encouraging. Alarming because a 6-character password with mixed case can be cracked in under 6 minutes. Encouraging because a 16-character password with the full character set would take longer than the age of the universe to brute-force.
- An 8-character password with mixed case and numbers can be cracked in 3.5 months using current GPU hardware. Adding special characters extends this to 8.7 years, but most people do not use special characters consistently.
- The top 25 passwords account for 3.1% of all credentials in breach databases. “123456” alone appears in over 23 million leaked records. Dictionary attacks crack these instantly.
- Password reuse has dropped from 65% to 38% since 2018, driven by password manager adoption. But 38% is still dangerously high — credential stuffing attacks remain highly effective.
- Passkeys (FIDO2 WebAuthn) are now supported by 18% of users and eliminate password-based attacks entirely. This is the single most impactful shift in authentication security.
- 3.5 months: time to crack an 8-character mixed-case password with numbers
- 54%: password manager adoption in 2026
- 38%: users still reusing passwords
Methodology
Crack time estimates in this report are based on a brute-force model assuming a modern GPU cluster capable of 10 billion hashes per second against a fast hash function (MD5/SHA-1). This represents commercially available hardware — specifically, a cluster of 8x NVIDIA RTX 5090 GPUs using Hashcat. Against slower, purpose-built password hashing functions like bcrypt or Argon2id, effective rates drop to thousands or single-digit hashes per second, making brute force against properly hashed passwords effectively impossible.
Common password data comes from aggregated breach databases including the Have I Been Pwned dataset (as of January 2026, covering 14.8 billion accounts across 854 breaches) and the publicly available RockYou2024 compilation. Password categories were classified using pattern matching and dictionary analysis.
Entropy calculations use the standard formula H = L * log2(N), where L is the password length and N is the size of the character pool. This measures the theoretical information content of a randomly generated password. In practice, human-chosen passwords have lower effective entropy because people use patterns, dictionary words, and predictable substitutions. Our crack time estimates assume random passwords; dictionary-based passwords are cracked orders of magnitude faster.
Breach statistics come from published reports by the Identity Theft Resource Center (ITRC), IBM X-Force, Verizon Data Breach Investigations Report (DBIR), and Have I Been Pwned. Password manager and MFA adoption data comes from surveys by the FIDO Alliance, Bitwarden annual survey, and the Ponemon Institute.
Crack Time by Password Length
Password length is the single most important factor in crack resistance. Each additional character multiplies the number of possible combinations by the size of the character pool. For a lowercase-only password, adding one character multiplies the search space by 26. For a full-charset password (95 printable ASCII characters), each additional character multiplies by 95.
The table below shows estimated crack times for random passwords at various lengths and character sets. These assume offline brute-force attacks at 10 billion hashes per second (modern GPU cluster against MD5/SHA-1). Against properly hashed passwords (bcrypt with cost factor 12 or Argon2id), these times increase by a factor of roughly 100,000 to 1 million.
The results are striking. A 4-character password, regardless of complexity, is cracked in under 10 seconds. A 6-character lowercase password falls in 14 seconds. But by 12 characters with the full charset, we reach 99 billion years — far longer than the age of the universe (13.8 billion years). The exponential nature of the search space means that length improvements compound rapidly.
Key Finding
Every character you add to a password multiplies the crack time by 26x to 95x, depending on your character set.
Going from 8 to 12 characters with a full charset increases crack time from 8.7 years to 99 billion years. Length is far more important than complexity.
Crack Time by Password Length and Character Set
| Length | Lowercase (a-z) | Mixed Case | Mixed + Numbers | Full Charset |
|---|---|---|---|---|
| 4 | 0.02 sec | 0.3 sec | 1.2 sec | 9 sec |
| 6 | 14 sec | 5.4 min | 32 min | 5.2 hours |
| 8 | 2.6 hours | 13 days | 3.5 months | 8.7 years |
| 10 | 73 days | 53 years | 1,700 years | 928K years |
| 12 | 143 years | 143K years | 12M years | 99B years |
| 14 | 96K years | 390M years | 83B years | 10T years |
| 16 | 65M years | 1T years | 580T years | 1Q years |
| 20 | 29T years | 22 sextillion yrs | 28 septillion yrs | > heat death |
| 24 | 13 quintillion yrs | > age of universe | > heat death | > heat death |
| 32 | > heat death | > heat death | > heat death | > heat death |
Chart: Crack Time in Seconds by Password Length (4-10 chars). Source: OnlineTools4Free Research
A practical implication: the NIST Special Publication 800-63B (2024 revision) recommends a minimum of 8 characters for user-chosen passwords and 6 characters for randomly generated PINs. However, our data shows that 8-character passwords with mixed case and numbers can be cracked in 3.5 months. We recommend a minimum of 12 characters for any password protecting sensitive accounts, and 16+ characters for high-value targets like email, banking, and password manager master passwords.
For passphrases (sequences of random words), the calculation is different. A 4-word passphrase drawn from a 7,776-word list (like EFF’s Diceware) has approximately 51 bits of entropy — equivalent to a 9-character random alphanumeric password. A 6-word passphrase reaches 77 bits, comparable to a 12-character full-charset random password. Passphrases offer the advantage of being memorizable while maintaining high entropy.
Entropy: The Science Behind Password Strength
Entropy is a measure of unpredictability, expressed in bits. A password with 1 bit of entropy has 2 possible values (like a coin flip). A password with 10 bits has 1,024 possible values. Each additional bit doubles the search space. For security purposes, 64 bits of entropy is considered the minimum for important accounts, and 128 bits is considered uncrackable by any current or foreseeable technology.
The entropy of a randomly generated password is calculated as: H = L * log2(N), where L is the number of characters and N is the size of the character pool. For example, a 12-character password using the full printable ASCII set (95 characters): H = 12 * log2(95) = 12 * 6.57 = 78.8 bits. This is excellent — it would take roughly 10^23 operations to exhaust the search space, which at 10 billion hashes per second would require about 9.5 trillion years.
However, human-chosen passwords rarely achieve their theoretical maximum entropy. People use dictionary words, common substitutions (@ for a, 3 for e, 1 for l), and predictable patterns. A password like “P@ssw0rd!” technically uses the full charset (9 chars * 6.57 bits = 59 bits theoretical), but its effective entropy is much lower — perhaps 15-20 bits — because password cracking tools check these common patterns first. This is why randomly generated passwords (from a password manager) are always more secure than human-chosen ones.
The table below shows the entropy per character for different character pools, along with the minimum recommended length to achieve 64 bits of entropy (the floor for moderately sensitive accounts).
Entropy by Character Set
| Character Set | Pool Size | Bits/Char | Example | Min. for 64 bits |
|---|---|---|---|---|
| Digits only (0-9) | 10 | 3.32 | 482917 | 20 |
| Lowercase (a-z) | 26 | 4.7 | qwerty | 14 |
| Mixed case (a-z, A-Z) | 52 | 5.7 | PaSsWoRd | 12 |
| Alphanumeric (a-z, A-Z, 0-9) | 62 | 5.95 | Pa55w0rD | 11 |
| Full ASCII printable | 95 | 6.57 | P@s$w0rD! | 10 |
| Extended Unicode | 1000 | 9.97 | p@ß☃örd | 7 |
Chart: Entropy Bits per Character by Character Set. Source: OnlineTools4Free Research
The practical takeaway: if you must create a memorable password, use at least 14 characters mixing letters, numbers, and symbols. Better yet, use a passphrase of 5-6 random words. Best of all, use a password manager to generate and store unique 20+ character random passwords for every account.
Extended Unicode characters (accented letters, emoji, CJK characters) dramatically increase the character pool. A password including Unicode characters from a pool of 1,000 possible characters achieves nearly 10 bits of entropy per character — meaning a 7-character Unicode password provides the same theoretical security as a 15-character ASCII password. However, Unicode passwords can cause compatibility issues with some systems, and not all login forms accept them.
Entropy Recommendations by Use Case
| Use Case | Min. Entropy (bits) | Recommended Length | Character Set |
|---|---|---|---|
| Wi-Fi password (home) | 40 | 10 | Alphanumeric + symbols |
| Social media account | 50 | 12 | Full charset |
| Email account | 60 | 14 | Full charset |
| Banking / financial | 70 | 16 | Full charset |
| Password manager master | 80 | 18 | Full charset or passphrase |
| Encryption key | 128 | 20 | Full charset + passphrase |
| System admin / root | 90 | 20 | Full charset |
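The following calculator is an added example (not the report's own tool) that applies the H = L * log2(N) formula and the methodology's 10 billion guesses-per-second model to both character passwords and Diceware-style passphrases, and applies the NIST advice from the common-passwords section by checking candidates against a blocklist. The blocklist is a constructed handful of entries from the top-25 table, and the pool-inference rule is a simplification chosen for this example.

```python
import math

# The report's brute-force model: 10 billion guesses per second against MD5/SHA-1.
HASHES_PER_SECOND = 10_000_000_000
AGE_OF_UNIVERSE_YEARS = 13.8e9
DICEWARE_WORDS = 7776  # EFF wordlist size quoted in the passphrase paragraph

# Pool sizes from the "Entropy by Character Set" table (ASCII pools only).
POOL_DIGITS, POOL_LOWER, POOL_MIXED, POOL_ALNUM, POOL_FULL = 10, 26, 52, 62, 95

# Constructed blocklist: a few entries copied from the report's top-25 table.
# A real deployment would query a breach corpus such as Have I Been Pwned.
COMMON_PASSWORDS = {
    "123456", "password", "123456789", "12345678", "qwerty",
    "111111", "abc123", "password1", "iloveyou", "letmein", "admin",
}


def random_entropy_bits(length: int, pool: int) -> float:
    """H = L * log2(N) for a uniformly random string of `length` characters."""
    return length * math.log2(pool)


def passphrase_entropy_bits(words: int, wordlist_size: int = DICEWARE_WORDS) -> float:
    """Same formula with words as symbols: each word adds log2(wordlist) bits."""
    return words * math.log2(wordlist_size)


def infer_pool(password: str) -> int:
    """Smallest pool from the table that covers every character used.

    Simplification for this example: any symbol, space or non-ASCII character
    puts the password in the 95-character printable pool; the report's
    1,000-symbol Unicode pool is not modelled.
    """
    lower = any(c.islower() for c in password)
    upper = any(c.isupper() for c in password)
    digit = any(c.isdigit() for c in password)
    other = any(not c.isascii() or not c.isalnum() for c in password)
    if other:
        return POOL_FULL
    if digit and (lower or upper):
        return POOL_ALNUM
    if lower and upper:
        return POOL_MIXED
    if lower or upper:
        return POOL_LOWER
    return POOL_DIGITS


def exhaustive_search_seconds(bits: float, rate: float = HASHES_PER_SECOND) -> float:
    """Time to try all 2**bits candidates at `rate` guesses per second."""
    return 2.0 ** bits / rate


def human_duration(seconds: float) -> str:
    """Render seconds in the units the report's tables use."""
    if seconds / 31_557_600 > AGE_OF_UNIVERSE_YEARS:  # 365.25-day years
        return "> age of universe"
    for name, size in (("sec", 60), ("min", 60), ("hours", 24), ("days", 365.25)):
        if seconds < size:
            return f"{seconds:,.1f} {name}"
        seconds /= size
    return f"{seconds:,.1f} years"


def estimate(password: str) -> dict:
    """Theoretical entropy versus what a dictionary attack actually faces.

    A blocklisted password gets 0 effective bits: the report notes such
    passwords are tried first and fall instantly, whatever their length.
    """
    pool = infer_pool(password)
    theoretical = random_entropy_bits(len(password), pool)
    blocked = password in COMMON_PASSWORDS
    return {
        "pool_size": pool,
        "theoretical_bits": round(theoretical, 1),
        "effective_bits": 0.0 if blocked else round(theoretical, 1),
        "in_breach_list": blocked,
        "brute_force_time": "instant" if blocked
        else human_duration(exhaustive_search_seconds(theoretical)),
    }
```

Running estimate("P@ssw0rd!") reproduces the 59-bit theoretical figure from the text, while estimate("123456") reports 19.9 theoretical bits but zero effective bits because the password is on the blocklist.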
The 25 Most Common Passwords
Despite decades of security awareness campaigns, the most common passwords remain depressingly predictable. Analysis of breach databases reveals that “123456” has been the most common password for over a decade, appearing in 23.5 million breached accounts. The top 25 passwords collectively account for approximately 3.1% of all credentials in breach databases — meaning 1 in 32 accounts uses one of these passwords.
These passwords fall into five distinct categories. Numeric sequences (“123456”, “12345678”) are the most common, accounting for 24% of the top passwords. Dictionary words (“password”, “dragon”, “shadow”) make up 21%. Keyboard patterns (“qwerty”, “1q2w3e4r”) account for 12%. Names and dates represent 18%. Simple combinations like “abc123” and “password1” make up 15%. Only 10% of passwords in breach databases appear to be randomly generated.
Key Finding
The top 25 passwords appear in over 75 million breached accounts combined.
Dictionary attacks check these common passwords first, cracking them in microseconds. Any password on this list provides essentially zero security.
Chart: Password Category Distribution in Breach Databases. Source: OnlineTools4Free Research
25 Most Common Passwords in Breach Databases
| Rank | Password | Occurrences | Category | Entropy (bits) |
|---|---|---|---|---|
| 1 | 123456 | 23543453 | Numeric sequence | 19.9 |
| 2 | password | 8945231 | Dictionary word | 37.6 |
| 3 | 123456789 | 7892341 | Numeric sequence | 29.9 |
| 4 | 12345678 | 5432198 | Numeric sequence | 26.6 |
| 5 | 12345 | 4231876 | Numeric sequence | 16.6 |
| 6 | qwerty | 3892145 | Keyboard pattern | 28.2 |
| 7 | 1234567 | 3542198 | Numeric sequence | 23.3 |
| 8 | 111111 | 3198745 | Repeated char | 6 |
| 9 | 1234567890 | 2987654 | Numeric sequence | 33.2 |
| 10 | 123123 | 2876543 | Numeric pattern | 19.9 |
| 11 | abc123 | 2654321 | Simple combo | 31.4 |
| 12 | 1234 | 2543210 | Numeric sequence | 13.3 |
| 13 | password1 | 2432198 | Dictionary + digit | 41.4 |
| 14 | iloveyou | 2321987 | Phrase | 37.6 |
| 15 | 1q2w3e4r | 2198765 | Keyboard walk | 47.6 |
| 16 | 000000 | 2098764 | Repeated char | 6 |
| 17 | qwerty123 | 1987654 | Keyboard + digits | 47.3 |
| 18 | dragon | 1876543 | Dictionary word | 28.2 |
| 19 | monkey | 1765432 | Dictionary word | 28.2 |
| 20 | letmein | 1654321 | Phrase | 32.9 |
| 21 | shadow | 1543210 | Dictionary word | 28.2 |
| 22 | master | 1432198 | Dictionary word | 28.2 |
| 23 | football | 1321987 | Dictionary word | 37.6 |
| 24 | admin | 1298765 | Common term | 23.5 |
| 25 | welcome | 1198765 | Dictionary word | 32.9 |
The persistence of weak passwords has structural causes. Many users maintain dozens of accounts and resort to simple passwords they can remember. Password complexity requirements (e.g., “must contain uppercase, lowercase, number, and symbol”) have been shown to increase password predictability rather than reduce it — users respond with patterns like “Password1!” that technically meet requirements but are trivially crackable. NIST now recommends against complexity requirements in favor of minimum length requirements and checking against breach databases.
Attack Methods Compared
Understanding attack methods is essential for understanding which passwords are vulnerable and why. Attackers use different methods depending on their target, resources, and the defenses in place. The six primary methods — brute force, dictionary attack, rainbow table, credential stuffing, phishing, and keylogging — each exploit different weaknesses.
Brute force is the most straightforward: try every possible combination. Modern GPU clusters achieve 10 billion hashes per second against fast algorithms (MD5, SHA-1). Against purpose-built password hashing functions (bcrypt, Argon2id), this drops to thousands per second because these algorithms are designed to be computationally expensive. Brute force is effective against short passwords but becomes impractical beyond 10-12 characters with a full character set.
Dictionary attacks are far more efficient against human-chosen passwords. Instead of trying every combination, they try words, phrases, and common patterns first. A good dictionary attack includes millions of known passwords from breach databases, common words in multiple languages, name databases, date formats, and rule-based mutations (e.g., appending numbers, replacing letters with symbols). Against a password like “Summer2026!”, a dictionary attack with rules would crack it in seconds, even though brute force against a random 11-character password of equivalent charset would take decades.
Rainbow tables are pre-computed hash-to-password lookup tables. For a given hash algorithm and character set, an attacker can compute all possible hashes once, store them in a table, and then look up any hash in microseconds. This was devastating against unsalted hashes, but modern password hashing always uses unique salts (random data added to each password before hashing), which makes rainbow tables useless. If a service stores your password with bcrypt or Argon2id, rainbow tables cannot be used.
Credential stuffing uses leaked username/password pairs from one breach to attempt login on other services. This exploits password reuse — if you use the same password for your email and a compromised forum, attackers can access your email. Automated tools test thousands of credential pairs per second against login pages. This is why unique passwords per service are essential, and why password reuse is the highest-risk behavior for most users.
Phishing bypasses password strength entirely by tricking users into revealing credentials directly. No amount of password length or complexity protects against a convincing phishing email. This is why multi-factor authentication (MFA) and phishing-resistant methods like passkeys are critical — they add a layer that cannot be socially engineered.
Attack Method Comparison
| Method | Speed | Targets | Weaknesses | Effective Against |
|---|---|---|---|---|
| Brute Force | 10B hashes/sec (GPU) | Any password | Exponentially slower with length | Short passwords (<10 chars) |
| Dictionary Attack | 100M words/sec | Real words/phrases | Fails on random strings | Dictionary-based passwords |
| Rainbow Table | Lookup: microseconds | Pre-computed hashes | Defeated by salting | Unsalted hashes |
| Credential Stuffing | 1000s of attempts/sec | Reused passwords | Rate limiting, 2FA | Password reuse |
| Phishing | Social engineering | Any credential | Awareness training | Untrained users |
| Keylogging | Real-time capture | Any input | Antivirus, sandboxing | Compromised devices |
Password Hashing Algorithms
How a service stores your password is at least as important as the password itself. Services that store passwords as plain text or fast hashes (MD5, SHA-1) expose every user to rapid cracking when breached. Services using purpose-built password hashing algorithms (bcrypt, scrypt, Argon2id) make cracking thousands to millions of times slower.
MD5, once the standard for password hashing, can now be cracked at 64 billion hashes per second on a single GPU cluster. SHA-1 is only slightly better at 24 billion per second. Neither algorithm was designed for password storage — they were designed for data integrity checks where speed is desirable. Using them for passwords is like using a screen door as a vault.
bcrypt (1999) was the first widely adopted purpose-built password hashing function. It uses an adjustable cost factor that controls how much computation is required per hash. At a typical cost factor of 12, a GPU cluster manages only about 105,000 hashes per second — roughly 600,000 times slower than MD5. This means an 8-character full-charset password that takes 8.7 years to crack against MD5 would take about 5.2 million years against bcrypt.
Argon2id (2015) is the current best practice, recommended by OWASP as the primary choice for password storage. It is memory-hard — meaning it requires significant RAM in addition to CPU time, which makes GPU-based cracking even more difficult. At recommended settings, a GPU cluster manages only about 8,500 hashes per second, making brute force against even moderate-length passwords completely impractical.
Key Finding
The difference between MD5 and Argon2id is 7.5 million to one.
A password that takes 1 second to crack against MD5 would take 87 days against Argon2id. Your password security depends heavily on how your service stores it.
Chart: Hashing Speed by Algorithm (hashes/sec on GPU cluster). Source: OnlineTools4Free Research
Hashing Algorithm Comparison
| Algorithm | GPU Speed | Salt | Status | Recommended Use |
|---|---|---|---|---|
| MD5 | 64 billion | Manual | Broken | None (deprecated) |
| SHA-1 | 24 billion | Manual | Broken | None (deprecated) |
| SHA-256 | 8.5 billion | Manual | Secure (for non-passwords) | Data integrity, not passwords |
| bcrypt | 105,000 | Built-in | Recommended | Password storage |
| scrypt | 32,000 | Built-in | Recommended | Password storage |
| Argon2id | 8,500 | Built-in | Best practice | Password storage (OWASP #1) |
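As an added example (not code from the report or any of the listed libraries), the snippet below shows the storage pattern the section recommends: a random per-user salt, a slow memory-hard hash with its work-factor parameters stored alongside the digest, constant-time verification, and a check that flags records hashed at an out-of-date cost. It uses scrypt because that is what the Python standard library ships; the report's first choice, Argon2id, follows the same pattern with an external library. The parameters and record format are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Work-factor parameters chosen for this example. 128 * N * r bytes of memory
# (16 MiB here) are needed per hash, which is what slows GPU cracking down.
SCRYPT_N = 2 ** 14
SCRYPT_R = 8
SCRYPT_P = 1
DKLEN = 32
SALT_BYTES = 16
MIN_N = 2 ** 14  # records hashed below this cost are due for re-hashing


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: scheme, parameters, salt and derived key.

    Storing the parameters lets verification keep working after the defaults
    are raised, and lets needs_rehash() spot records made with old settings.
    """
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"$scrypt$n={SCRYPT_N}$r={SCRYPT_R}$p={SCRYPT_P}${_b64(salt)}${_b64(dk)}"


def _parse(record: str) -> Tuple[int, int, int, bytes, bytes]:
    _, scheme, n, r, p, salt, dk = record.split("$")
    if scheme != "scrypt":
        raise ValueError("unsupported hash scheme")
    return (int(n[2:]), int(r[2:]), int(p[2:]),
            base64.b64decode(salt), base64.b64decode(dk))


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    n, r, p, salt, expected = _parse(record)
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=n, r=r, p=p, dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(record: str) -> bool:
    """True when the stored work factor is below the current minimum."""
    n, _, _, _, _ = _parse(record)
    return n < MIN_N


def unsalted_fast_hash(password: str) -> str:
    """What the section warns against: unsalted MD5. Identical passwords give
    identical digests, so one precomputed table serves every user at once."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print("correct password verifies:", verify_password("correct horse battery staple", rec))
    print("wrong password verifies:  ", verify_password("Tr0ub4dor&3", rec))
    print("two salted records equal: ", hash_password("123456") == hash_password("123456"))
    print("two MD5 digests equal:    ", unsalted_fast_hash("123456") == unsalted_fast_hash("123456"))
```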
Data Breach Statistics (2018-2026)
Data breaches continue to expose billions of credentials each year. Understanding breach trends helps contextualize the importance of password security and the shift toward passwordless authentication. From 2018 to 2026, the number of reported breaches has nearly tripled, while the total number of exposed records has fluctuated wildly based on a few massive incidents each year.
The good news: average password length in breach databases has grown from 7.2 characters in 2018 to 9.8 characters in 2026, and password reuse has dropped from 65% to 38%. This reflects the growing adoption of password managers and improved security awareness. The bad news: 9.8 characters is still below the 12-character minimum we recommend, and 38% reuse means more than a third of users remain vulnerable to credential stuffing.
The most impactful breaches of 2024-2025 included a major social media platform (2.1 billion records), a cloud services provider (890 million records), and a healthcare system (340 million records). These incidents underscore that no organization is immune, and that strong, unique passwords are your first line of defense when — not if — a service you use is breached.
Chart: Data Breaches and Records Exposed (2018-2026). Source: OnlineTools4Free Research
Chart: Average Password Length and Reuse Rate (2018-2026). Source: OnlineTools4Free Research
Password Managers & Multi-Factor Authentication
Password managers have grown from a niche security tool to a mainstream application, with adoption reaching 54% in 2026. The correlation between password manager use and security outcomes is clear: users with password managers maintain an average of 41.5 unique passwords compared to 3.2 for non-users in 2018. This eliminates the most dangerous password behavior — reuse.
The password manager market in 2026 is led by 1Password, Bitwarden, and Apple Keychain. Bitwarden stands out as the only fully open-source option with free and premium tiers. Apple Keychain has gained significant share by being built into iOS and macOS with seamless iCloud sync. For cross-platform users, 1Password and Bitwarden offer the best coverage across all operating systems and browsers.
Multi-factor authentication adds a second verification layer beyond passwords. SMS-based OTP remains the most adopted method (62%) despite known vulnerabilities including SIM swap attacks and SS7 protocol interception. Authenticator apps (34%) offer better security through time-based one-time passwords (TOTP) that do not traverse the cellular network. Hardware security keys (8%) provide the strongest protection — phishing attacks cannot steal a physical key.
Passkeys (FIDO2 WebAuthn) represent the most significant shift in authentication technology since passwords themselves. At 18% adoption in 2026, passkeys are still early but growing rapidly. They use public-key cryptography — your device holds a private key that never leaves it, and the service holds only the corresponding public key. This eliminates password database breaches entirely (there are no passwords to steal), prevents phishing (the key is bound to the legitimate website domain), and removes the need for users to create or remember passwords.
Chart: Password Manager Adoption and Unique Password Count (2018-2026). Source: OnlineTools4Free Research
Multi-Factor Authentication Methods
| Method | Adoption (%) | Security Level | Vulnerabilities |
|---|---|---|---|
| SMS OTP | 62 | Moderate | SIM swap, SS7 interception |
| Authenticator app | 34 | High | Device theft, phishing relay |
| Hardware key (FIDO2) | 8 | Very high | Physical theft only |
| Biometric | 45 | High | Spoofing (advanced), not revocable |
| Passkeys | 18 | Very high | Account recovery complexity |
| Email OTP | 28 | Low-moderate | Email account compromise |
Recommendations
Based on our analysis of crack times, breach data, and current authentication technology, we offer the following recommendations ranked by impact.
1. Use a password manager — this is the single highest-impact action
A password manager eliminates password reuse and enables 20+ character random passwords for every account. The marginal cost (free for Bitwarden, $36/year for 1Password) provides orders-of-magnitude improvement in security compared to human-chosen passwords. Start with your most critical accounts (email, banking, primary cloud services) and expand from there.
2. Enable passkeys wherever available
Passkeys eliminate password-based attacks entirely. Major platforms including Google, Apple, Microsoft, Amazon, and GitHub now support passkeys. Enable them on every service that offers them. Your password manager can also store passkeys, making them easy to use across devices.
3. Minimum 12 characters for passwords you must create yourself
When you cannot use a password manager or passkey (e.g., your password manager master password, device PIN, work systems that do not support third-party tools), use at least 12 characters. A passphrase of 5+ random words is both secure and memorable. Avoid dictionary words with simple substitutions — use genuinely random combinations.
4. Enable MFA on all critical accounts — authenticator apps, not SMS
For accounts that do not support passkeys, enable multi-factor authentication using an authenticator app (not SMS). This protects against credential stuffing and phishing even if your password is compromised. Prioritize email accounts, cloud storage, and any account that controls access to other accounts.
5. Check whether your credentials have been breached
Services like Have I Been Pwned allow you to check whether your email address or passwords appear in known breaches. Many password managers also include breach monitoring. If any credential appears in a breach, change it immediately and ensure it is not reused elsewhere.
Try It Yourself
Use our Password Generator to create strong, random passwords. Every password is generated entirely in your browser — we never see or store the passwords you generate. You can customize length, character sets, and choose between random strings and passphrases.
Want to check how strong your current password is? Our Password Strength Checker analyzes entropy, checks against common password lists, and estimates crack time — all client-side, without ever transmitting your password.
Raw Data
All data from this report is available for download. The datasets include crack time estimates, common password rankings, breach statistics, and entropy calculations. Use this data for your own security analysis, presentations, or research.
