Password Cracking Is Easy: Here’s How to Do It

For less than $50, someone can crack the average password.


Cracking a majority of passwords can be easier than you think. By the time you’re done with this article, you’ll know how it’s done, and will probably have all the knowledge and tools you need to crack passwords yourself (I’m not saying this as a way to encourage you to try, but rather as a warning to highlight the importance of using a strong password because of just how simple it can be to crack an easy one).

A computer that can crack an 8-character password in 4.2 hours would need 5.7 trillion years to crack a 16-character one.

When it comes to preserving your privacy and identity on the Internet, passwords are the most common for protection. It’s so common that most of us take its importance for granted. Every website we visit, every service we sign up for, requires a password as a form of identity verification.

But few people take passwords seriously; as a result, many of the Internet’s passwords are 8 characters and hashed with MD5 (if you don’t know what that means, don’t worry, I’ll go into detail about it in this article), which can be cracked by someone who wants to spend $50 on some hardware. With such a threat to your current or future self, it’s time to take password creation more seriously.

Brute Forcing Passwords

Brute-forcing, put simply, is a method for password cracking where the attacker attempts to try as many different possible password combinations as possible, based on a set of parameters. For example, a parameter could be set by a website where the password must be between 8–16 characters. In the simplest model, the password cracker may begin by trying 00000000. Then it may try 00000001, 00000010, 00000100, and so on and so forth until it has tried every possible combination of allowable characters.