11

Found out my old passwords were all cracked in under 2 minutes

I was messing around on haveibeenpwned last night after seeing a post here, and decided to check how fast some of my old passwords would get cracked using a free online tool. Turns out my 'secure' password from 2015, which was like 10 characters with a number and symbol, got cracked in 47 seconds. I used to think I was being smart mixing in special characters, but those hashcat algorithms just blow through that stuff now. The crazy part was seeing that a simple 8 character password takes literally milliseconds to crack if you're using GPU clusters. I found a site called hashcat.net that shows benchmark stats, and it scared me straight. I switched to a password manager with randomly generated 16 character strings and turned on 2FA everywhere after that. Has anyone else run their old passwords through a cracker just to see how fast they fall?

2 Comments
the_derek 1mo ago
"my 'secure' password from 2015, which was like 10 characters with a number and symbol, got cracked in 47 seconds" - yeah that's the part that got me too. I ran a bunch of my old passwords through a similar tool and it was pretty humbling. The thing is those hashcat benchmarks people post online are using like 8 high end GPUs in a cluster, so real world cracking is probably slower for most attackers. But still, 47 seconds is nothing when you think about it. What really opened my eyes was seeing that even a 12 character password with mixed case and symbols gets chewed through in under an hour if it's not truly random. The whole "add a symbol and a number" advice from a decade ago was basically useless, the algorithms just run through all the common substitutions automatically. Now I'm paranoid about every old password I ever used.
6
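An added example, not part of anyone's post in this thread, showing why a "word plus substitutions plus a number and symbol" password has far less effective strength than its length and character mix suggest, compared with a randomly generated 16-character string. The wordlist, the dictionary size, the case-variant count, the substitution table and both sample passwords are assumptions constructed for illustration.

```python
import math
import string

# Constructed stand-in for a real dictionary / breached-password list.
WORDLIST = {"password", "dragon", "monkey", "sunshine", "football"}
ASSUMED_DICT_SIZE = 100_000  # assumption: size of a realistic wordlist
CASE_VARIANTS = 3            # assumption: lower, Capitalised, UPPER
# Common symbol/digit substitutions mapped back to the letter they replace.
UNLEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                        "3": "e", "$": "s", "5": "s", "7": "t"})
SUBSTITUTABLE = set("aoiest")
TAIL_CHARS = string.digits + string.punctuation  # 42 characters
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def brute_force_space(pw):
    """Keyspace if every character were drawn at random from the classes used."""
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in pw))
    return pool ** len(pw)


def pattern_space(pw):
    """Guess space if pw is <dictionary word with substitutions> + a short
    digit/symbol tail; None when the password does not fit that pattern."""
    for split in range(len(pw), 2, -1):
        core, tail = pw[:split], pw[split:]
        if len(tail) > 4 or any(c.isalpha() for c in tail):
            continue
        word = core.lower().translate(UNLEET)
        if word in WORDLIST:
            # Simplification: each substitutable letter is either swapped or not.
            subs = 2 ** sum(c in SUBSTITUTABLE for c in word)
            return (ASSUMED_DICT_SIZE * CASE_VARIANTS * subs
                    * len(TAIL_CHARS) ** len(tail))
    return None


def effective_bits(pw):
    """log2 of the smaller of the pattern-based and brute-force guess spaces."""
    brute = brute_force_space(pw)
    return math.log2(min(pattern_space(pw) or brute, brute))


if __name__ == "__main__":
    for sample in ("P@ssw0rd1!", "k#9Lq2!vXz7@pR4w"):  # constructed samples
        print(f"{sample!r}: nominal {math.log2(brute_force_space(sample)):.1f} bits, "
              f"effective {effective_bits(sample):.1f} bits")
```
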
angelaellis
Yeah that gut feeling when you see just how fast they fall is rough. I ran some of mine from like 2012 and one was gone in under 30 seconds, made me feel like an idiot for thinking I was being clever. The password manager route is the only way to sleep at night now, honestly.
4